ccrtp-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ccrtp-devel] Segementation fault in onGotSDES


From: Michel de Boer
Subject: Re: [Ccrtp-devel] Segementation fault in onGotSDES
Date: Fri, 29 Jul 2005 23:03:10 +0200
User-agent: Mozilla Thunderbird 1.0.2 (X11/20050317)

Yes, that's the guy to remove.

David Sugar wrote:
So...

              } else if ( pkt->fh.type == RTCPPacket::tAPP ) {
                      onGotAPP(*s,pkt->info.APP,pkt->getLength());
// remove this guy?   pointer += pkt->getLength();
              } else {

I see yes after the check, it is incremented again...

I was looking at a different change, which was to set an optional default stack size for rtp threads...but if I get at least this confirmed, I will do a new release.

Michel de Boer wrote:

Federico,

I just looked at the code in control.cpp and I think you forgot a bit
of my patch.

In ccrtp-1.3.3 I now find this code:

      if ( checkSSRCInRTCPPkt(*sourceLink,source_created,
                              network_address,
                              transport_port) ) {
              if ( pkt->fh.type == RTCPPacket::tSDES ) {
                      bool cname = onGotSDES(*s,*pkt);
                      cname_found = cname_found? cname_found : cname;
              } else if ( pkt->fh.type == RTCPPacket::tAPP ) {
                      onGotAPP(*s,pkt->info.APP,pkt->getLength());
                      pointer += pkt->getLength();
              } else {
                      // error?
              }
      }
      // Get the next packet in the compound.
      pointer += pkt->getLength();
      pkt = reinterpret_cast<RTCPPacket *>(rtcpRecvBuffer +pointer);

The 'pointer += pkt->getLength()' in the tAPP else if branch should be
removed. Now the pointer gets incremented twice in case of an APP
packet.

Previously I you had the increments in the tDES and tAPP branches.
With my proposed patch I deleted those increments and added the
increment at the end of the loop. This way you would not get in
inifite loop if you'd ever hit the 'error' branch.

Regards,
Michel



Federico Montesino Pouzols wrote:

I've just applied your patch. As you have experienced this bug could
cause random crashes depending on the random memory contents. Good bug
hunt!




_______________________________________________
Ccrtp-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/ccrtp-devel




reply via email to

[Prev in Thread] Current Thread [Next in Thread]