#### Type Of Change
- [X] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
- [X] PR should be backported to stable branches
- [X] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
This was an odd one. I can't see how `read_sdp_pv` ever worked. When the old SDP is
deleted with `del_lump` from the SIP `msg`, the lump pointer is calculated assuming that
`body` is a pointer relative to `msg`. When `read_sdp_pv` is set, the `body` pointer is set to
something entirely different and doing pointer maths relative to `msg` causes integer
overflows and results in a segfault on `del_lump`.
This change explicitly gets the body pointer (`cur_body`) relative to `msg` before trying
to `del_lump`. If it's preferable, I can have it only do this if `read_sdp_pv` is set,
but I figured it's not a heavy operation and it's safer to always do it.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/1326
-- Commit Summary --
* rtpengine: fixed segfault when using read_sdp_pv
-- File Changes --
M src/modules/rtpengine/rtpengine.c (8)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/1326.patch
https://github.com/kamailio/kamailio/pull/1326.diff
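The failure mode described above, as an added example that is not part of the pull request or Kamailio's code: the `toy_msg`/`toy_span` types, the helper names and the sample SIP/SDP data are hypothetical and constructed. A body span re-derived from the message buffer yields a valid offset, while an SDP held in a separate buffer is rejected instead of being turned into a bogus offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not Kamailio's own types. */
struct toy_msg  { const char *buf; size_t len; };
struct toy_span { const char *s;   size_t len; };

/* Offset of span inside msg->buf, or -1 if any byte of span lies outside it.
 * Addresses are compared as integers: cross-object pointer subtraction is UB. */
long span_offset(const struct toy_msg *msg, struct toy_span span)
{
    if (!msg->buf || !span.s) return -1;
    uintptr_t base = (uintptr_t)msg->buf, p = (uintptr_t)span.s;
    if (p < base || p - base > msg->len) return -1;   /* starts outside msg */
    if (span.len > msg->len - (p - base)) return -1;  /* runs past the end */
    return (long)(p - base);
}

/* Body as located in the message itself: the bytes after the blank line. */
struct toy_span body_in_msg(const struct toy_msg *msg)
{
    struct toy_span body = { NULL, 0 };
    for (size_t i = 0; i + 4 <= msg->len; i++) {
        if (memcmp(msg->buf + i, "\r\n\r\n", 4) == 0) {
            body.s = msg->buf + i + 4;
            body.len = msg->len - (i + 4);
            break;
        }
    }
    return body;
}

/* Constructed sample data: a SIP message and an SDP held in a separate buffer. */
static const char SAMPLE[] =
    "INVITE sip:b@example.test SIP/2.0\r\nContent-Length: 5\r\n\r\nv=0\r\n";
static const char PV_SDP[] = "v=0\r\no=- 1 1 IN IP4 192.0.2.1\r\n";
static const struct toy_msg MSG = { SAMPLE, sizeof SAMPLE - 1 };

/* Span re-derived from the message: has a valid offset. */
long demo_msg_body(void) { return span_offset(&MSG, body_in_msg(&MSG)); }
/* Span from the separate buffer: rejected, no offset is computed. */
long demo_pv_body(void)
{
    return span_offset(&MSG, (struct toy_span){ PV_SDP, sizeof PV_SDP - 1 });
}

int main(void) { return !(demo_msg_body() == 56 && demo_pv_body() == -1); }
```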