Re: [reSIProcate] corruption inSdpContents::Session::Medium::codecs()
Hi,
When I was trying to use resiprocate on Windows CE, I also found that memory
was being overwritten unexpectedly. After some debugging I found out the
following: when I printed the size of some resiprocate classes in my main
program, it was different from when I printed the size from within
the resiprocate library. It seems that the point at which a windows related
header file is included can influence the size of some structures, which,
of course, can easily cause stack corruption.
As a workaround, I made sure that all headers and source files of resiprocate
first include winsock2.h and windows.h. After that, everything worked fine.
Perhaps something similar is happening here?
Bye,
Jori
> I also run it under debug without any problems, but found that the memory
> location for mBuf was being overwritten after clearAttribute. It shouldn't
> be and I have no idea why it is.
>
> -----Original Message-----
> From: resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Scott
> Godin
> Sent: Tuesday, October 31, 2006 10:25 AM
> To: Justin Matthews; resiprocate-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [reSIProcate] corruption
> inSdpContents::Session::Medium::codecs()
>
> Try what? I exercise this code under debug build all of the time
> without any problems.
>
> > -----Original Message-----
> > From: Justin Matthews [mailto:jmatthewsr@xxxxxxxxx]
> > Sent: Tuesday, October 31, 2006 10:08 AM
> > To: Scott Godin; resiprocate-devel@xxxxxxxxxxxxxxxxxxx
> > Subject: RE: [reSIProcate] corruption in
> > SdpContents::Session::Medium::codecs()
> >
> > Actually, I am still looking into this. The code doesn't appear to do
> > anything wrong, but for some reason on the Debug windows build the
> > memory
> > for mRtpMap[0].second->mName.mBuf is overwritten (using memory watch
>
> on
>
> > the
> > location for mBuf) after the clearAttribute() call. I still need to
> > look
> > into exactly why. Scott, could you try this under the Debug build and
> > see
> > if you get the same behavior?
> >
> > Thanks,
> >
> > -justin
> >
> > -----Original Message-----
> > From: Scott Godin [mailto:slgodin@xxxxxxxxxxxx]
> > Sent: Tuesday, October 31, 2006 9:51 AM
> > To: Justin Matthews; resiprocate-devel@xxxxxxxxxxxxxxxxxxx
> > Subject: RE: [reSIProcate] corruption in
> > SdpContents::Session::Medium::codecs()
> >
> > I'm not following this. clearAttribute does not do anything with a
> > ParseBuffer.
> >
> > Do you have a test program that fails, that can demonstrate what you
> > are
> > pointing out?
> >
> > Scott
> >
> > > -----Original Message-----
> > > From: resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx
> > > [mailto:resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> > > Justin Matthews
> > > Sent: Tuesday, October 17, 2006 6:03 PM
> > > To: resiprocate-devel@xxxxxxxxxxxxxxxxxxx
> > > Subject: [reSIProcate] corruption in
> > > SdpContents::Session::Medium::codecs()
> > >
> > > Hello, is the following correct? If so, any ideas on the best way
>
> to
>
> > > fix
> > > this?
> > >
> > > Thanks,
> > >
> > > -Justin
> > >
> > > In SdpContents::Session::Medium::codecs():
> > >
> > > // don't store twice
> > > mFormats.clear();
> > > mAttributeHelper.clearAttribute(rtpmap);
> > > mAttributeHelper.clearAttribute(fmtp); // parsed out in
> > > codec.parse
> > >
> > > Calling clearAttribute will destroy the ParseBuffer for rtpmap and
> >
> > fmtp
> >
> > > which is now being accessed by the mRtpMap entries that are created
> > > earlier
> > > in this function. Accessing data members that store resip::Data
> > > objects
> > > such as Codec::mName will be accessing previously free'd memory
> >
> > blocks.
>
> -----------------------------------------------------------------------
>
> > > -----
> > >
> > > SdpContents::Session::Medium::codecs()
> > > {
> > > .
> > >
> > > if (exists(rtpmap))
> > > {
> > > for (list<Data>::const_iterator i =
> >
> > getValues(rtpmap).begin();
> >
> > > i != getValues(rtpmap).end(); ++i)
> > > {
> > > //DebugLog(<< "SdpContents::Session::Medium::getCodec("
> >
> > <<
> >
> > > *i <<
> > > ")");
> > > ParseBuffer pb(i->data(), i->size());
> > > int format = pb.integer();
> > > // pass to codec constructor for parsing
> > > // pass this for other codec attributes
> > > try
> > > {
> > > mRtpMap[format].parse(pb, *this, format);
> > > }
>
> -----------------------------------------------------------------------
>
> > > -----
> > > Codec::parse(ParseBuffer& pb,
> > > const SdpContents::Session::Medium& medium,
> > > int payloadType)
> > > {
> > > const char* anchor = pb.skipWhitespace();
> > > pb.skipToChar(Symbols::SLASH[0]);
> > > pb.data(mName, anchor);
> > > .
> > > }
>
> -----------------------------------------------------------------------
>
> > > -----
> > >
> > > ParseBuffer::data(Data& data, const char* start) const
> > > {
> > > if (!(mBuff <= start && start <= mPosition))
> > > {
> > > fail(__FILE__, __LINE__,"Bad anchor position");
> > > }
> > >
> > > if (data.mMine == Data::Take)
> > > {
> > > delete[] data.mBuf;
> > > }
> > > data.mSize = (unsigned int)(mPosition - start);
> > > data.mBuf = const_cast<char*>(start);
> > > data.mCapacity = data.mSize;
> > > data.mMine = Data::Share;
> > > }
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > resiprocate-devel mailing list
> > > resiprocate-devel@xxxxxxxxxxxxxxxxxxx
> > > https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel
>
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel@xxxxxxxxxxxxxxxxxxx
> https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel
>
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel@xxxxxxxxxxxxxxxxxxx
> https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel