Hi Alexei, Thanks for the report and the patch. Is dialog lock not sufficient for this purpose? If not, can you please elaborate more, perhaps with a sample scenario (and a brief stack trace, if necessary)? FYI, we might have a similar problem in ticket #1902 (https://trac.pjsip.org/repos/ticket/1902). Best regards, Ming On Tue, Aug 23, 2016 at 12:11 AM, Alexei Gradinari <alex2grad@xxxxxxxxx> wrote: > Hello, > > When a transport error occured on an INVITE session > the pjproject calls on_tsx_state_changed with new > state PJSIP_INV_STATE_DISCONNECTED and immediately > destroys the INVITE session. > At the same time this INVITE session could being > processed on another thread. > This thread could use the session's memory pools which > were already freed, so we get segfault. > > This patch adds a reference counter and new functions: > pjsip_inv_session_add_ref and pjsip_inv_session_dec_ref. > The INVITE session is destroyed only when the reference > counter has reached zero. > > To avoid race condition an application should call > pjsip_inv_session_add_ref/pjsip_inv_session_dec_ref. > > > Regards, > Alexei > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip@xxxxxxxxxxxxxxx > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > _______________________________________________ Visit our blog: http://blog.pjsip.org pjsip mailing list pjsip@xxxxxxxxxxxxxxx http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
