pjsip · trengginas · Oct 19, 2023 · Oct 17, 2023 · Oct 18, 2023 · Oct 19, 2023
diff --git a/pjsip/include/pjsip-ua/sip_inv.h b/pjsip/include/pjsip-ua/sip_inv.h
@@ -810,6 +810,10 @@ PJ_DECL(pj_status_t) pjsip_inv_invite( pjsip_inv_session *inv,
  * Create the initial response message for the incoming INVITE request in
  * rdata with  status code st_code and optional status text st_text. Use
  * #pjsip_inv_answer() to create subsequent response message.
+ * Notes: 
+ * - Upon failure, p_tdata might still get set. To avoid leak,
+ *   it needs to be sent or otherwise decrement the reference count using 
+ *   #pjsip_tx_data_dec_ref().
  */
 PJ_DECL(pj_status_t) pjsip_inv_initial_answer(  pjsip_inv_session *inv,
                                                 pjsip_rx_data *rdata,

diff --git a/pjsip/include/pjsip/sip_dialog.h b/pjsip/include/pjsip/sip_dialog.h
@@ -740,7 +740,8 @@ PJ_DECL(pj_status_t) pjsip_dlg_create_response( pjsip_dialog *dlg,
  *
  * @param dlg               The dialog.
  * @param tdata             The transmit data buffer containing response
- *                          message to be modified.
+ *                          message to be modified. Upon successful return,
+ *                          the reference count will be incremented.
  * @param st_code           New status code to be set.
  * @param st_text           Optional string for custom status reason text.
  *

diff --git a/pjsip/src/pjsip-ua/sip_inv.c b/pjsip/src/pjsip-ua/sip_inv.c
@@ -2669,10 +2669,16 @@ PJ_DEF(pj_status_t) pjsip_inv_initial_answer(   pjsip_inv_session *inv,
             goto on_return;
         }
         status2 = pjsip_timer_update_resp(inv, tdata);
-        if (status2 == PJ_SUCCESS)
+        if (status2 == PJ_SUCCESS) {
+            inv->last_answer = tdata;
             *p_tdata = tdata;
-        else
+        } else {
+            /* To avoid leak, we need to decrement 2 times since
+             * pjsip_dlg_modify_response() increment tdata ref count.
+             */
+            pjsip_tx_data_dec_ref(tdata);
             pjsip_tx_data_dec_ref(tdata);
+        }
 
         goto on_return;
     }
@@ -2755,6 +2761,10 @@ PJ_DEF(pj_status_t) pjsip_inv_answer(   pjsip_inv_session *inv,
     /* Process SDP in answer */
     status = process_answer(inv, st_code, last_res, local_sdp);
     if (status != PJ_SUCCESS) {
+        /* To avoid leak, we need to decrement 2 times since 
+         * pjsip_dlg_modify_response() increment tdata ref count.
+         */
+        pjsip_tx_data_dec_ref(last_res);
         pjsip_tx_data_dec_ref(last_res);
         goto on_return;
     }

diff --git a/pjsip/src/pjsua-lib/pjsua_call.c b/pjsip/src/pjsua-lib/pjsua_call.c
@@ -5552,6 +5552,9 @@ static void pjsua_call_on_rx_offer(pjsip_inv_session *inv,
                                               (pjsip_rx_data *)param->rdata,
                                               100, NULL, NULL, &response);
             if (status != PJ_SUCCESS) {
+                if (response) {
+                    pjsip_tx_data_dec_ref(response);
+                }
                 PJ_PERROR(3, (THIS_FILE, status,
                               "Failed to create initial answer"));
                 goto on_return;