Fix #40: Prevent segfault from NULL via_p1 in transaction matching

Add comprehensive NULL checks to prevent segmentation faults when
matching SIP transactions with corrupted or invalid state:

1. compare_branch(): Check t, t->msg, and t->msg->via_p1 before access
2. match_reply(): Add NULL check for stored transaction's msg and via_p1

The crash occurred when iterating through stored transactions and
attempting to match branch parameters. While the incoming message's
via_p1 is validated by assertion, stored transactions could have NULL
via_p1 due to memory corruption, parser edge cases, or race conditions.

Changes from original fix:
- Also protect match_reply() which had the same vulnerability
- Check t->msg before t->msg->via_p1 to prevent cascading NULL deref
- Use ERROR instead of WARN (indicates serious bug condition)
- Add diagnostic pointer values to log message

Fixes: #40

Author: Marcel Hecko

core/sip/trans_table.cpp

@@ -61,6 +61,13 @@ trans_bucket::~trans_bucket()
 static inline bool compare_branch(sip_trans* t, sip_msg* msg,
 				  const char* branch, unsigned int branch_len)
 {
+    if(!t || !t->msg || !t->msg->via_p1) {
+	ERROR("BUG: Invalid transaction in compare_branch (t=%p, msg=%p, via_p1=%p)\n",
+	      (void*)t, t ? (void*)t->msg : NULL,
+	      (t && t->msg) ? (void*)t->msg->via_p1 : NULL);
+	return false;
+    }
+
     if(t->msg->via_p1->branch.len != branch_len + MAGIC_BRANCH_LEN)
 	return false;
 
@@ -287,11 +294,17 @@ sip_trans* trans_bucket::match_reply(sip_msg* msg)
 
     trans_list::iterator it = elmts.begin();
     for(;it!=elmts.end();++it) {
-	
+
 	if((*it)->type != TT_UAC){
 	    continue;
 	}
 
+	// Defensive NULL check - should never happen but prevents crash
+	if(!(*it)->msg || !(*it)->msg->via_p1) {
+	    ERROR("BUG: Invalid transaction in match_reply\n");
+	    continue;
+	}
+
 	if((*it)->msg->via_p1->branch.len != msg->via_p1->branch.len)
 	    continue;