Merge pull request #700 from micmac1/ast16.20

[feed/telephony.git] / libs / pjproject / patches / 0011-sip_inv_patch.patch

diff --git a/libs/pjproject/patches/0011-sip_inv_patch.patch b/libs/pjproject/patches/0011-sip_inv_patch.patch
new file mode 100644 (file)
index 0000000..c410b9a
--- /dev/null
+++ b/libs/pjproject/patches/0011-sip_inv_patch.patch
@@ -0,0 +1,37 @@
+commit c3c1bf45cae2a35003aa16c267d59f97027f9c5e
+Author: Kevin Harwell <kharwell@digium.com>
+Date:   Thu Jun 11 11:11:13 2020 -0500
+
+    sip_inv - fix invite session ref count crash
+    
+    Ensure the session's ref count is only decremented under proper conditons.
+    
+    For more details see the following issue report:
+    https://github.com/pjsip/pjproject/issues/2443
+    
+    Patch supplied by sauwming
+
+--- a/pjsip/src/pjsip-ua/sip_inv.c
++++ b/pjsip/src/pjsip-ua/sip_inv.c
+@@ -323,9 +323,19 @@ static void inv_set_state(pjsip_inv_sess
+       (*mod_inv.cb.on_state_changed)(inv, e);
+     pjsip_inv_dec_ref(inv);
+ 
+-    /* Only decrement when previous state is not already DISCONNECTED */
++    /* The above callback may change the state, so we need to be careful here
++     * and only decrement inv under the following conditions:
++     * 1. If the state parameter is DISCONNECTED, and previous state is not
++     *    already DISCONNECTED.
++     *    This is to make sure that dec_ref() is not called more than once.
++     * 2. If current state is PJSIP_INV_STATE_DISCONNECTED.
++     *    This is to make sure that dec_ref() is not called if user restarts
++     *    inv within the callback. Note that this check must be last since
++     *    inv may have already been destroyed.
++     */
+     if (state == PJSIP_INV_STATE_DISCONNECTED &&
+-      prev_state != PJSIP_INV_STATE_DISCONNECTED) 
++      prev_state != PJSIP_INV_STATE_DISCONNECTED &&
++      inv->state == PJSIP_INV_STATE_DISCONNECTED) 
+     {
+       pjsip_inv_dec_ref(inv);
+     }