[reSIProcate] corruption in SdpContents::Session::Medium::codecs()
Hello, is the following correct? If so, any ideas on the best way to fix
this?
Thanks,
-Justin
In SdpContents::Session::Medium::codecs():
// don't store twice
mFormats.clear();
mAttributeHelper.clearAttribute(rtpmap);
mAttributeHelper.clearAttribute(fmtp); // parsed out in codec.parse
Calling clearAttribute will destroy the buffer behind the ParseBuffer for
rtpmap and fmtp, which is still referenced by the mRtpMap entries created
earlier in this function: ParseBuffer::data() (shown below) leaves the Data
in Share mode, pointing into the parsed buffer rather than holding its own
copy. Accessing data members that store resip::Data objects, such as
Codec::mName, will therefore read previously freed memory blocks.
----------------------------------------------------------------------------
SdpContents::Session::Medium::codecs()
{
.
if (exists(rtpmap))
{
for (list<Data>::const_iterator i = getValues(rtpmap).begin();
i != getValues(rtpmap).end(); ++i)
{
//DebugLog(<< "SdpContents::Session::Medium::getCodec(" << *i <<
")");
ParseBuffer pb(i->data(), i->size());
int format = pb.integer();
// pass to codec constructor for parsing
// pass this for other codec attributes
try
{
mRtpMap[format].parse(pb, *this, format);
}
----------------------------------------------------------------------------
Codec::parse(ParseBuffer& pb,
const SdpContents::Session::Medium& medium,
int payloadType)
{
const char* anchor = pb.skipWhitespace();
pb.skipToChar(Symbols::SLASH[0]);
pb.data(mName, anchor);
.
}
----------------------------------------------------------------------------
// Points `data` at the bytes between `start` and the current parse position
// (mPosition) of this buffer. No bytes are copied: after the call data.mBuf
// aliases memory inside the buffer being parsed, so `data` is only usable
// while that memory is alive. A caller that keeps `data` beyond the lifetime
// of the parsed buffer must take its own copy first.
//
// data  - receives the aliasing view; any buffer it held in Take mode is
//         released first.
// start - anchor into this buffer; must satisfy mBuff <= start <= mPosition.
ParseBuffer::data(Data& data, const char* start) const
{
// Reject an anchor that lies outside the part of the buffer consumed so far.
// NOTE(review): the code below still runs if fail() returns - confirm that
// fail() never returns normally.
if (!(mBuff <= start && start <= mPosition))
{
fail(__FILE__, __LINE__,"Bad anchor position");
}
// Presumably Data::Take marks a buffer that `data` owns; it is freed here
// before mBuf is overwritten so it does not leak.
if (data.mMine == Data::Take)
{
delete[] data.mBuf;
}
data.mSize = (unsigned int)(mPosition - start);
// Alias the parse buffer directly; constness is cast away only so the
// pointer can be stored in Data::mBuf.
data.mBuf = const_cast<char*>(start);
data.mCapacity = data.mSize;
// Share mode: the Take branch above is skipped for such a Data, so it does
// not free mBuf through this path. Nothing here extends the lifetime of the
// underlying bytes - destroying their owner leaves `data` dangling.
data.mMine = Data::Share;
}