#### Type Of Change - [X] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist: <!-- Go over all points below, and after creating the PR, tick the checkboxes that apply --> - [X] PR should be backported to stable branches - [X] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description This was an odd one. I can't see how `read_sdp_pv` ever worked. When the old SDP is deleted with `del_lump` from the SIP `msg`, the lump pointer is calculated assuming that `body` is a pointer relative to `msg`. When `read_sdp_pv` is set, `body` pointer is set to something entirely different and doing pointer maths relative to `msg` causes integer overflows and results in a segfault on `del_lump`.
This change explicitly gets the body pointer (`cur_body`) relative to `msg` before trying to `del_lump`. If it's preferable, I can have it only do this if `read_sdp_pv` is set but I figured it's not a heavy operation and it's safer to always do it. You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/1326
-- Commit Summary --
* rtpengine: fixed segfault when using read_sdp_pv
-- File Changes --
M src/modules/rtpengine/rtpengine.c (8)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/1326.patch https://github.com/kamailio/kamailio/pull/1326.diff
Thanks! It will be merged.
For convenience, can you make pull requests for stable branches? It makes it faster to backport by merging them via web here.
Merged #1326.
Can you remind me which versions are still being supported? I'll create backport PRs.
Do it for 5.0 and 5.1, it should be straightforward. For 4.4 might need some more work.
Already ported it to 4.2 as that's what we're running on this particular proxy. I'll submit PRs for 5.0, 5.1 and 4.4. Thanks! :)
-
Daniel-Constantin Mierla -
Phil Lavin