Type Of Change

• Small bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds new functionality)
• Breaking change (fix or feature that would change existing functionality)

Checklist:

• PR should be backported to stable branches
• Tested changes locally
• [ ] Related to issue #XXXX (replace XXXX with an open issue number)

Description

This was an odd one. I can't see how read_sdp_pv ever worked. When the old SDP is deleted with del_lump from the SIP msg, the lump pointer is calculated assuming that body is a pointer relative to msg. When read_sdp_pv is set, body pointer is set to something entirely different and doing pointer maths relative to msg causes integer overflows and results in a segfault on del_lump.

This change explicitly gets the body pointer (cur_body) relative to msg before trying to del_lump. If it's preferable, I can have it only do this if read_sdp_pv is set but I figured it's not a heavy operation and it's safer to always do it.

You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/1326

Commit Summary

• rtpengine: fixed segfault when using read_sdp_pv

File Changes

• M src/modules/rtpengine/rtpengine.c (8)

Patch Links:

• https://github.com/kamailio/kamailio/pull/1326.patch
• https://github.com/kamailio/kamailio/pull/1326.diff

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.