andre-d-brizido-alb
commented
8 years ago In session.c in the nc_session_send_recv function, if the final outcome is unknown or none, a message received with a different message ID of the one desired may be returned to the caller after being inserted into the session's queue. The caller of nc_session_send_recv function can then free that message leaving an invalid reference in the queue.
In nc_session_send_recv the reply should not be returned if it's going to be inserted in the queue.