[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Linphone-developers] invalid memory access in ortp 0.27.0 with socket i

From: BOITEUX, Frederic
Subject: [Linphone-developers] invalid memory access in ortp 0.27.0 with socket in connected mode
Date: Thu, 29 Dec 2016 10:04:11 +0000


  I'm trying to update our use of oRTP library (currently 0.23.0) with latest 
release (0.27.0), and running first tests, I found a problem leading to crash 
in rtp_session_rtp_recv_abstract() function, when it's trying to copy 'from' 
address into msg->net_addr field :

#0  rtp_session_rtp_recv_abstract (socket=<optimized out>, 
    address@hidden, address@hidden, from=0x0, fromlen=0x0)
    at rtpsession_inet.c:1338
1338                    memcpy(&msg->net_addr,from,*fromlen);

The 'from' and 'fromlen' parameters are NULL in socket connected mode, so it 
should test it before to try reading them !

This code was added in following commit :

commit ec6c4d525eb74a84c375ada341569aac1f7c6976
Author: Sylvain Berfini <address@hidden>
Date:   Thu Oct 29 16:29:58 2015 +0100

    Reworked a few things to make packet injection in reception possible
@@ -1322,6 +1321,9 @@ int rtp_session_rtp_recv_abstract(ortp_socket_t socket, 
_t *msg, int flags,
+               /*store recv addr for use by modifiers*/
+               memcpy(&msg->net_addr,from,*fromlen);
+               msg->net_addrlen = *fromlen;
        return ret;

This commit has the same kind of lines added or removed in other places.

I'll try to add a test to prevent running this code is from or fromlen is NULL, 
but I don't know if it's sufficient or the good fix for this problem : could 
you check this problem in a more global manner ?

                Fred Boiteux.

This message contains information that may be privileged or confidential and is 
the property of the Capgemini Group. It is intended only for the person to whom 
it is addressed. If you are not the intended recipient, you are not authorized 
to read, print, retain, copy, disseminate, distribute, or use this message or 
any part thereof. If you receive this message in error, please notify the 
sender immediately and delete all copies of this message.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]