From fcea6910f60760527d874465f65cb617bc6f88a2 Mon Sep 17 00:00:00 2001 From: Scott Griepentrog Date: Tue, 8 Sep 2015 10:35:57 -0500 Subject: [PATCH] pjsip: avoid possible crash req_caps allocation failure Make certain that the pjsip session has not failed to allocate the format capabilities structure, which can otherwise cause a crash when referenced. ASTERISK-25323 Change-Id: I602790ba12714741165e441cc64a3ecde4cb5750 --- res/res_pjsip_session.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c index 1dcac7e972..fc8724820a 100644 --- a/res/res_pjsip_session.c +++ b/res/res_pjsip_session.c @@ -1297,6 +1297,11 @@ struct ast_sip_session *ast_sip_session_alloc(struct ast_sip_endpoint *endpoint, session->contact = ao2_bump(contact); session->inv_session = inv_session; session->req_caps = ast_format_cap_alloc(AST_FORMAT_CAP_FLAG_DEFAULT); + if (!session->req_caps) { + /* Release the ref held by session->inv_session */ + ao2_ref(session, -1); + return NULL; + } if ((endpoint->dtmf == AST_SIP_DTMF_INBAND) || (endpoint->dtmf == AST_SIP_DTMF_AUTO)) { dsp_features |= DSP_FEATURE_DIGIT_DETECT;