[reSIProcate] corruption in SdpContents::Session::Medium::codecs()
Justin Matthews
jmatthewsr at yahoo.com
Tue Oct 17 17:03:21 CDT 2006
Hello, is the following correct? If so, any ideas on the best way to fix
this?
Thanks,
-Justin
In SdpContents::Session::Medium::codecs():
   // don't store twice
   mFormats.clear();
   mAttributeHelper.clearAttribute(rtpmap);
   mAttributeHelper.clearAttribute(fmtp); // parsed out in codec.parse
Calling clearAttribute will destroy the ParseBuffer for rtpmap and fmtp
which is now being accessed by the mRtpMap entries that are created earlier
in this function. Accessing data members that store resip::Data objects
such as Codec::mName will be accessing previously freed memory blocks.
----------------------------------------------------------------------------
SdpContents::Session::Medium::codecs()
{
.
   if (exists(rtpmap))
   {
      for (list<Data>::const_iterator i = getValues(rtpmap).begin();
           i != getValues(rtpmap).end(); ++i)
      {
         //DebugLog(<< "SdpContents::Session::Medium::getCodec(" << *i << ")");
         ParseBuffer pb(i->data(), i->size());
         int format = pb.integer();
         // pass to codec constructor for parsing
         // pass this for other codec attributes
         try
         {
            mRtpMap[format].parse(pb, *this, format);
         }
----------------------------------------------------------------------------
Codec::parse(ParseBuffer& pb,
             const SdpContents::Session::Medium& medium,
             int payloadType)
{
   const char* anchor = pb.skipWhitespace();
   pb.skipToChar(Symbols::SLASH[0]);
   pb.data(mName, anchor);
.
}
----------------------------------------------------------------------------
ParseBuffer::data(Data& data, const char* start) const
{
   if (!(mBuff <= start && start <= mPosition))
   {
      fail(__FILE__, __LINE__,"Bad anchor position");
   }
   if (data.mMine == Data::Take)
   {
      delete[] data.mBuf;
   }
   data.mSize = (unsigned int)(mPosition - start);
   data.mBuf = const_cast<char*>(start);
   data.mCapacity = data.mSize;
   data.mMine = Data::Share;
}
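
The aliasing pattern described in the message above, as an added example that is not part of the original post and is not reSIProcate code: a shared slice points into the attribute storage, so the name has to be copied into owned storage before that storage is cleared. Slice, AttributeStore, parseNameShared, aliases, codecsOwned and sampleStore are hypothetical stand-ins built on std::string, and the sample rtpmap values are constructed.

```cpp
#include <cstdint>
#include <cstdlib>
#include <list>
#include <map>
#include <string>

// Hypothetical stand-in for a resip::Data in Share mode: pointer + length into someone else's memory.
struct Slice { const char* ptr; std::size_t len; };

// Hypothetical stand-in for the attribute helper that owns the raw values.
struct AttributeStore {
    std::map<std::string, std::list<std::string> > values;
    void clearAttribute(const std::string& key) { values.erase(key); }
};

// Name field of "<pt> <name>/<rate>" as a slice of the caller's buffer (no copy is made).
Slice parseNameShared(const std::string& rtpmap) {
    std::size_t start = rtpmap.find(' ');
    start = (start == std::string::npos) ? 0 : start + 1;
    std::size_t end = rtpmap.find('/', start);
    if (end == std::string::npos) end = rtpmap.size();
    return Slice{ rtpmap.data() + start, end - start };
}

// True while the slice still points into `owner`'s storage.
bool aliases(const Slice& s, const std::string& owner) {
    std::uintptr_t p = reinterpret_cast<std::uintptr_t>(s.ptr);
    std::uintptr_t b = reinterpret_cast<std::uintptr_t>(owner.data());
    return p >= b && p + s.len <= b + owner.size();
}

// Safe ordering: copy each name into owned storage, then clear the source.
std::map<int, std::string> codecsOwned(AttributeStore& store) {
    std::map<int, std::string> names;
    const std::list<std::string>& maps = store.values["rtpmap"];
    for (std::list<std::string>::const_iterator i = maps.begin(); i != maps.end(); ++i) {
        Slice shared = parseNameShared(*i);
        names[std::atoi(i->c_str())] = std::string(shared.ptr, shared.len); // deep copy
    }
    store.clearAttribute("rtpmap"); // frees the buffers the slices pointed into
    return names;
}
AttributeStore sampleStore() { // constructed sample input
    AttributeStore s;
    s.values["rtpmap"].push_back("0 PCMU/8000");
    s.values["rtpmap"].push_back("8 PCMA/8000");
    return s;
}
```

Building with AddressSanitizer (-fsanitize=address) and reading a Slice after clearAttribute() reports the stale access as heap-use-after-free.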