+++ /dev/null
-commit c3c1bf45cae2a35003aa16c267d59f97027f9c5e
-Author: Kevin Harwell <kharwell@digium.com>
-Date: Thu Jun 11 11:11:13 2020 -0500
-
- sip_inv - fix invite session ref count crash
-
- Ensure the session's ref count is only decremented under proper conditons.
-
- For more details see the following issue report:
- https://github.com/pjsip/pjproject/issues/2443
-
- Patch supplied by sauwming
-
---- a/pjsip/src/pjsip-ua/sip_inv.c
-+++ b/pjsip/src/pjsip-ua/sip_inv.c
-@@ -323,9 +323,19 @@ static void inv_set_state(pjsip_inv_sess
- (*mod_inv.cb.on_state_changed)(inv, e);
- pjsip_inv_dec_ref(inv);
-
-- /* Only decrement when previous state is not already DISCONNECTED */
-+ /* The above callback may change the state, so we need to be careful here
-+ * and only decrement inv under the following conditions:
-+ * 1. If the state parameter is DISCONNECTED, and previous state is not
-+ * already DISCONNECTED.
-+ * This is to make sure that dec_ref() is not called more than once.
-+ * 2. If current state is PJSIP_INV_STATE_DISCONNECTED.
-+ * This is to make sure that dec_ref() is not called if user restarts
-+ * inv within the callback. Note that this check must be last since
-+ * inv may have already been destroyed.
-+ */
- if (state == PJSIP_INV_STATE_DISCONNECTED &&
-- prev_state != PJSIP_INV_STATE_DISCONNECTED)
-+ prev_state != PJSIP_INV_STATE_DISCONNECTED &&
-+ inv->state == PJSIP_INV_STATE_DISCONNECTED)
- {
- pjsip_inv_dec_ref(inv);
- }