Review Board 1.7.16

res_pjsip_refer: Fix crash from a REFER and BYE collision.

Review Request #4417 - Created Feb. 13, 2015 and submitted

Analyzing a one off crash on a busy system showed that processing a REFER
request had a NULL session channel pointer.  The only way I can think of
that could cause this is if an outgoing BYE transaction overlapped the
incoming REFER transaction in a collision.  Asterisk sends a BYE while the
phone sends a REFER to complete an attended transfer.

* Made check the session channel pointer before processing an incoming
REFER request in res_pjsip_refer.

* Fixed similar crash potential for res_pjsip supplement incoming request
processing for res_pjsip_sdp_rtp INFO, res_pjsip_caller_id INVITE/UPDATE,
res_pjsip_messaging MESSAGE, and res_pjsip_send_to_voicemail REFER

* Made res_pjsip_messaging respond to a message body too large with a 413
instead of ignoring it.
Since this is a very timing dependent problem, I made some calls and did an attended transfer for a warm fuzzy that nothing serious broke.
Review request changed
Updated (Feb. 17, 2015, 10:25 a.m.)
  • changed from pending to submitted
Committed in revision 431915 runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to