Federico,
I just looked at the code in control.cpp and I think you forgot a bit
of my patch.
In ccrtp-1.3.3 I now find this code:
if ( checkSSRCInRTCPPkt(*sourceLink,source_created,
network_address,
transport_port) ) {
if ( pkt->fh.type == RTCPPacket::tSDES ) {
bool cname = onGotSDES(*s,*pkt);
cname_found = cname_found? cname_found : cname;
} else if ( pkt->fh.type == RTCPPacket::tAPP ) {
onGotAPP(*s,pkt->info.APP,pkt->getLength());
pointer += pkt->getLength();
} else {
// error?
}
}
// Get the next packet in the compound.
pointer += pkt->getLength();
pkt = reinterpret_cast<RTCPPacket *>(rtcpRecvBuffer +pointer);
The 'pointer += pkt->getLength()' in the tAPP else if branch should be
removed. Now the pointer gets incremented twice in case of an APP
packet.
Previously I you had the increments in the tDES and tAPP branches.
With my proposed patch I deleted those increments and added the
increment at the end of the loop. This way you would not get in
inifite loop if you'd ever hit the 'error' branch.
Regards,
Michel
Federico Montesino Pouzols wrote:
I've just applied your patch. As you have experienced this bug could
cause random crashes depending on the random memory contents. Good bug
hunt!
_______________________________________________
Ccrtp-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/ccrtp-devel