From e666051d790bb2a9d1e9ff6bb11bd69db6e0efba Mon Sep 17 00:00:00 2001
From: Ben Ford <bford@digium.com>
Date: Fri, 15 Sep 2017 09:43:21 -0500
Subject: [PATCH] res_pjsip_session: Check for removed stream state.

When a sip session is refreshed, the stream topology is looped
through, checking each stream for compatible formats. This would
cause a crash if the stream state was AST_STREAM_STATE_REMOVED,
since the formats would never be set for this stream, causing
a NULL value to be returned from ast_stream_get_formats. This
commit adds a check for streams with removed states.

Also removed a stray semicolon.

Change-Id: Ic86f8b65a4a26a60885b28b8b1a0b22e1b471d42
---
 main/bridge.c           |  2 +-
 res/res_pjsip_sdp_rtp.c |  2 +-
 res/res_pjsip_session.c | 10 ++++++----
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/main/bridge.c b/main/bridge.c
index ab12ecf646..5d9c0c1f75 100644
--- a/main/bridge.c
+++ b/main/bridge.c
@@ -1741,7 +1741,7 @@ int ast_bridge_join(struct ast_bridge *bridge,
 
 	ao2_ref(bridge_channel, -1);
 
-join_exit:;
+join_exit:
 	ast_bridge_run_after_callback(chan);
 	bridge_channel_impart_signal(chan);
 	if (!(ast_channel_softhangup_internal_flag(chan) & AST_SOFTHANGUP_ASYNCGOTO)
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index e095f06604..8ec57aa8e1 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -1338,7 +1338,7 @@ static int create_outgoing_sdp_stream(struct ast_sip_session *session, struct as
 		media->desc.port = 0;
 		media->desc.port_count = 1;
 
-		if (remote) {
+		if (remote && remote->media[ast_stream_get_position(stream)]) {
 			pjmedia_sdp_media *remote_media = remote->media[ast_stream_get_position(stream)];
 			int index;
 
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 64416a0636..77ddfbc146 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -1455,6 +1455,10 @@ int ast_sip_session_refresh(struct ast_sip_session *session,
 					continue;
 				}
 
+				/* No need to do anything with stream if it's media state is removed */
+				if (ast_stream_get_state(stream) == AST_STREAM_STATE_REMOVED) {
+					continue;
+				}
 
 				/* Enforce the configured allowed codecs on audio and video streams */
 				if (ast_stream_get_type(stream) == AST_MEDIA_TYPE_AUDIO || ast_stream_get_type(stream) == AST_MEDIA_TYPE_VIDEO) {
@@ -1465,14 +1469,12 @@ int ast_sip_session_refresh(struct ast_sip_session *session,
 						ast_sip_session_media_state_free(media_state);
 						return 0;
 					}
-
 					ast_format_cap_get_compatible(ast_stream_get_formats(stream), session->endpoint->media.codecs, joint_cap);
 					if (!ast_format_cap_count(joint_cap)) {
 						ao2_ref(joint_cap, -1);
-						ast_sip_session_media_state_free(media_state);
-						return 0;
+						ast_stream_set_state(stream, AST_STREAM_STATE_REMOVED);
+						continue;
 					}
-
 					ast_stream_set_formats(stream, joint_cap);
 				}
 
-- 
GitLab