On Thu 14.01.16 08:35, Christian Spielberger wrote:
> Hi,
>
> in some situations (e.g. io errors, SIP errors) call_released is called
> without prior call_terminated. This leads to a segfault later, when
> linphone_core_iterate is called, because the call object is freed but not
> removed from the calls list.
>
> In my case (some kind of SIP error, which should not be discussed here) in
> sal_op_call.c function process_dialog_terminated calls call_set_released
> without prior p->base.root->callbacks.call_terminated, because it does not
> run into the BELLE_SIP_DIALOG_CONFIRMED case. Instead we have
> BELLE_SIP_DIALOG_EARLY. The call state changes from
> LinphoneCallOutgoingEarlyMedia directly to LinphoneCallReleased.
>
> There might also be some cases of call_set_released without prior
> termination in function call_process_response. Maybe they also lead to a
> segfault.
>
> I have linphone 3.9.1 with belle-sip 1.4.2.
>
> Regards,
> Christian Spielberger.
>
> _______________________________________________
> Linphone-users mailing list
> [email protected]
> https://lists.nongnu.org/mailman/listinfo/linphone-users

I saw that something changed since tag 3.9.1, but there is still a segfault. I would suggest the attached patch.

--
Best regards
Christian Spielberger

>From 44dd4ba72643c3b1c4cdd8355521275fe002f977 Mon Sep 17 00:00:00 2001 From: Christian Spielberger <[email protected]> Date: Thu, 14 Jan 2016 11:37:39 +0100 Subject: [PATCH] bellesip_sal: fix segfault in case of early dialog termination --- coreapi/bellesip_sal/sal_op_call.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/coreapi/bellesip_sal/sal_op_call.c b/coreapi/bellesip_sal/sal_op_call.c index 42e6363..424c699 100644 --- a/coreapi/bellesip_sal/sal_op_call.c +++ b/coreapi/bellesip_sal/sal_op_call.c @@ -168,8 +168,11 @@ static void process_dialog_terminated(void *ctx, const belle_sip_dialog_terminat case BELLE_SIP_DIALOG_NULL: if (op->state!=SalOpStateTerminated && op->state!=SalOpStateTerminating) { /*this is an early termination due to incorrect response received*/ + sal_error_info_set(&op->error_info,SalReasonIOError,503,"I/O error",NULL); op->base.root->callbacks.call_failure(op); op->state=SalOpStateTerminating; + call_set_released(op); + return; } break; case BELLE_SIP_DIALOG_CONFIRMED: -- 1.9.1
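
Review bot: the added sal_error_info_set(&op->error_info,SalReasonIOError,503,"I/O error",NULL) in the BELLE_SIP_DIALOG_NULL branch unconditionally records a 503 "I/O error", while the comment directly above it says this path is an early termination due to an incorrect response received, so any reason already stored in op->error_info is overwritten before call_failure(op) reports it. Consider setting the I/O error only when no reason has been recorded yet, or updating the comment so the two agree. The new return; also leaves process_dialog_terminated from inside the switch, so whatever follows the switch is skipped on this path; please confirm that nothing there is still needed once call_set_released(op) has run, and add a short comment explaining why op must not be touched afterwards. Since op->state=SalOpStateTerminating is assigned immediately before call_set_released(op), it is worth checking whether that assignment still has any effect.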
