From f2b919fd5114c280b142c2fffe0ae36f58d887da Mon Sep 17 00:00:00 2001
From: mojyack
Date: Thu, 24 Oct 2024 11:47:50 +0900
Subject: [PATCH] Fixed race condition potentially resulting in referencing freed registry
---
 src/conn.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/conn.c b/src/conn.c
index 98b4440d..5581ba4d 100644
--- a/src/conn.c
+++ b/src/conn.c
@@ -136,7 +136,6 @@ int conn_create(juice_agent_t *agent, udp_socket_config_t *config) {
 return -1;
 }
 conn_registry_t *registry = entry->registry;
- mutex_unlock(&entry->mutex);
 JLOG_DEBUG("Creating connection");
 if (registry) {
@@ -154,6 +153,7 @@ int conn_create(juice_agent_t *agent, udp_socket_config_t *config) {
 if (!new_agents) {
 JLOG_FATAL("Memory reallocation failed for connections array");
 mutex_unlock(®istry->mutex);
+ mutex_unlock(&entry->mutex);
 return -1;
 }
@@ -164,6 +164,7 @@ int conn_create(juice_agent_t *agent, udp_socket_config_t *config) {
 if (get_mode_entry(agent)->init_func(agent, registry, config)) {
 release_registry(entry); // unlocks the registry
+ mutex_unlock(&entry->mutex);
 return -1;
 }
@@ -175,13 +176,14 @@ int conn_create(juice_agent_t *agent, udp_socket_config_t *config) {
 } else {
 if (get_mode_entry(agent)->init_func(agent, NULL, config)) {
- mutex_unlock(®istry->mutex);
+ mutex_unlock(&entry->mutex);
 return -1;
 }
 agent->conn_index = -1;
 }
+ mutex_unlock(&entry->mutex);
 conn_interrupt(agent);
 return 0;
 }
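Review bot: The `mutex_unlock(&entry->mutex);` added in the `!new_agents` branch is the first of four hand-written releases of the entry lock; the others are in the hunks at -164 and -175 and just before `conn_interrupt(agent)`. Any `return` in the parts of conn_create that lie outside these hunks, or one added later, would leave the mutex held and stall every later create that needs the same entry. Routing the failure exits through one label keeps the release in a single place: `goto error;` in each branch and `error: mutex_unlock(&entry->mutex); return -1;` after the final `return 0;`, with the branch-specific registry unlocks left where they are. The function body starts before and continues between the hunks, so the unseen paths should be checked as well.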
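Review bot: In the hunk at -164, `release_registry(entry)` and `init_func(...)` now run with `entry->mutex` still held, and the hunk at -154 shows the registry mutex is held at the same time, but nothing in the function states that nesting. If `release_registry` or any mode's `init_func` takes `entry->mutex` itself, or another path locks the registry first and the entry second, this can deadlock on a non-recursive mutex; neither callee is visible in this patch, so that needs confirming. I would add a comment where the early unlock was removed: `// entry->mutex stays held until return so entry->registry cannot be freed under us; lock order: entry->mutex, then registry->mutex`.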