Re: [reSIProcate] [PATCH] Reject connection with empty address
Hi Nir,
Thanks for posting this. However, I was unable to reproduce any side effects of this SDP parsing code using SVN mainline. Perhaps a bug fix in ParseBuffer or Data has already fixed this. I don't see any problems with the code that produces the empty connection address, and calling c_str on this should cause the Data buffer to get reallocated to make room for a null terminator. Were you using an older resip release? Let me know if you think I'm missing something.
Scott
On Thu, Feb 2, 2012 at 4:11 PM, Nir Soffer <nirs@xxxxxxxxxxx> wrote:
This patch fixes a random crash when SDP with empty address is received.
We have seen random crashes in the field and can reproduce them using this SDP:
v=0
s=VoipSIP
c=IN IP4
t=0 0
m=audio 0 RTP/AVP
When testing this in debug build, we get an empty address as expected. However, in a real application (optimized build), we get random crashes when handling this SDP.
The crashes usually happen in resip::Data::c_str.
Looking at core dumps, we see that mBuf is NULL or points to some unrelated static error string ("double free ..."). mSize is some random huge value (e.g. 138456879) and mMine has invalid huge values instead of the 3 possible enum values (e.g. resip::Data::Share).
We tried to fix the crashes by checking if the SDP is well formed and found that the parser does not detect the empty address.
The attached patch fixes the parser to reject empty address.
Best regards,
Nir Soffer
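
The check discussed in this thread, as an added example that is not part of either message and is not resiprocate code: a stand-alone validator for the `c=<nettype> <addrtype> <connection-address>` line that rejects the SDP quoted above before any later code touches the address. The names `Connection`, `parseConnectionLine` and `connectionsWellFormed` are hypothetical, and the CRLF line endings and the 192.0.2.10 address in the samples are constructed.

```cpp
#include <iostream>
#include <sstream>
#include <string>

// Hypothetical type for this sketch; not a resiprocate class.
struct Connection {
    std::string netType, addrType, address;
};

// Parse one "c=<nettype> <addrtype> <connection-address>" line.
// Returns false unless exactly three non-empty fields follow "c=".
// On failure the contents of 'out' are unspecified and must not be used.
bool parseConnectionLine(const std::string& line, Connection& out) {
    if (line.compare(0, 2, "c=") != 0) return false;
    std::istringstream in(line.substr(2));
    if (!(in >> out.netType >> out.addrType >> out.address))
        return false;               // "c=IN IP4" fails here: no address
    std::string extra;
    return !(in >> extra);          // trailing fields are also rejected
}

// Walk an SDP body and report whether every c= line is well formed.
bool connectionsWellFormed(const std::string& sdp) {
    std::istringstream in(sdp);
    std::string line;
    Connection c;
    while (std::getline(in, line)) {   // a trailing '\r' counts as whitespace
        if (line.compare(0, 2, "c=") == 0 && !parseConnectionLine(line, c))
            return false;
    }
    return true;
}

// The SDP from the report (line endings constructed) and a constructed
// variant that carries an address.
const char kEmptyAddrSdp[] =
    "v=0\r\ns=VoipSIP\r\nc=IN IP4\r\nt=0 0\r\nm=audio 0 RTP/AVP\r\n";
const char kGoodSdp[] =
    "v=0\r\ns=VoipSIP\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 0 RTP/AVP\r\n";

int main() {
    std::cout << "empty address accepted: "
              << connectionsWellFormed(kEmptyAddrSdp) << "\n"
              << "valid address accepted: "
              << connectionsWellFormed(kGoodSdp) << "\n";
    return 0;
}
```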