POQUILLON, Bernard wrote:
> Hi,

Kia ora,

> I am using PJSIP 2.3 and sometimes I face crashes when I receive a third
> INVITE (equivalent to UPDATE). The scenario is:
>
> 1) INVITE with SDP received then 200/OK with SDP sent
>
> 2) INVITE with no SDP received. 200/OK with SDP sent and ACK with SDP
> received.
>
> 3) INVITE with SDP received
>
> My code uses PJSIP invite API. The structure pjsip_inv_session has 2
> pools to deal with SDP negotiation, pool_prov and pool_active, and
> switches between them after each negotiation.
>
> The pjmedia_sdp_neg structure (defined in sdp_neg.c) has a copy of the
> initial local SDP in field initial_sdp.
>
> When I receive the first INVITE, pjmedia_sdp_neg_set_local_answer is
> called and builds initial_sdp, taking memory from pool_prov. At the end
> of the negotiation, pool_prov and pool_active are swapped so initial_sdp
> is in pool_active. Pool_prov is cleaned.
>
> When the 2nd INVITE arrives, with no SDP, the API inserts an SDP into
> the answer, using pjmedia_sdp_neg_send_local_offer. This function does
> not touch initial_sdp. When the ACK, with SDP, is received, negotiation
> is done and buffers are swapped so initial_sdp is in pool_prov and cleaned.
>
> For the 3rd INVITE, with SDP, mod_inv.cb.on_rx_offer callback is called
> with the offer. The callback calls pjsip_inv_set_sdp_answer with the
> local SDP and pjsip_inv_set_sdp_answer calls
> pjmedia_sdp_neg_set_local_answer which tries to duplicate initial_sdp.
> But it was cleaned at the end of the previous negotiation?

This has been fixed in PJSIP 2.4. The issue[1] has a link to the
patch[2] which you can backport to 2.3.

Cheers,

[1] https://trac.pjsip.org/repos/ticket/1834
[2] https://trac.pjsip.org/repos/changeset/5040

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
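The pool-swap lifetime problem described in the quoted report, modelled as an added example that is not part of the original thread and is not PJSIP code or the changeset 5040 fix. The toy arena, `ref_t`, `negotiation_done`, `simulate` and the re-clone mitigation are all hypothetical names and assumptions chosen to show when a long-lived pointer into a swapped pool goes stale.

```c
#include <stdio.h>
#include <string.h>

/* Toy arena (hypothetical, not pj_pool_t): reset bumps a generation counter
 * so a reference taken before the reset can be recognised as stale. */
typedef struct { char buf[256]; size_t used; unsigned gen; } pool_t;
typedef struct { pool_t *pool; unsigned gen; char *p; } ref_t;

static ref_t pool_strdup(pool_t *pl, const char *s) {
    size_t n = strlen(s) + 1;
    ref_t r = { pl, pl->gen, pl->buf + pl->used };
    if (pl->used + n > sizeof pl->buf) { r.pool = NULL; return r; }
    memcpy(r.p, s, n);
    pl->used += n;
    return r;
}
static void pool_reset(pool_t *pl) {
    memset(pl->buf, 0xDD, sizeof pl->buf);   /* poison, as a debug allocator would */
    pl->used = 0;
    pl->gen++;
}
static int ref_valid(ref_t r) { return r.pool && r.gen == r.pool->gen; }

typedef struct { pool_t a, b, *prov, *active; ref_t initial_sdp; } session_t;

/* End of a negotiation: swap the pools, then clean the new pool_prov.
 * reclone=1 first copies a still-live initial_sdp into the surviving pool. */
static void negotiation_done(session_t *s, int reclone) {
    pool_t *t = s->prov; s->prov = s->active; s->active = t;
    if (reclone && ref_valid(s->initial_sdp) && s->initial_sdp.pool == s->prov)
        s->initial_sdp = pool_strdup(s->active, s->initial_sdp.p);
    pool_reset(s->prov);
}

/* Returns the INVITE number at which initial_sdp is found stale, 0 if never. */
static int simulate(int reclone) {
    static session_t s;
    memset(&s, 0, sizeof s);
    s.prov = &s.a; s.active = &s.b;
    s.initial_sdp = pool_strdup(s.prov, "v=0 (constructed local SDP)"); /* 1) answer path */
    negotiation_done(&s, reclone);
    if (!ref_valid(s.initial_sdp)) return 1;
    negotiation_done(&s, reclone);       /* 2) offer path: initial_sdp not touched */
    return ref_valid(s.initial_sdp) ? 0 : 3;   /* 3) answer path reads initial_sdp */
}

int main(void) {
    printf("as described: stale at INVITE %d\n", simulate(0));
    printf("with re-clone: stale at INVITE %d\n", simulate(1));
    return 0;
}
```

The generation check stands in for what AddressSanitizer or a poisoning debug allocator would report on a real build; the actual correction is the one in the linked changeset.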