[reSIProcate] [patch] possible memory corruption in SDP codec handling

Robert Szokovacs robert.szokovacs at gamma.co.uk
Mon Nov 7 08:12:34 CST 2011


Hi,

In a usual valgrind run, we noticed that if we call
SdpContents::Session::Medium::codecs() then copy the Medium object, we get
memory reads from places we should not access. The bug was tracked down to be
a misunderstanding between Codec::parse() and the Medium's AttributeHelper: the
AttributeHelper frees up the memory that was used by parse(). Patch and
testcase to reproduce attached.

br

Szo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: resip-sdp.patch
Type: text/x-patch
Size: 927 bytes
Desc: not available
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20111107/adfd43e9/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tester.cxx
Type: text/x-c++src
Size: 1565 bytes
Desc: not available
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20111107/adfd43e9/attachment.cxx>