diff options
author | Richard Mudgett <rmudgett@digium.com> | 2015-03-20 18:23:57 +0000 |
---|---|---|
committer | Richard Mudgett <rmudgett@digium.com> | 2015-03-20 18:23:57 +0000 |
commit | 1c090281718bba6a5cee8f573f4dad0e46427496 (patch) | |
tree | 4a497d299e45a9df479d2e241ae0fa4ad5007d9c /res | |
parent | 73dcea59bd17c694e636a886e151863c02311822 (diff) |
res_pjsip_sdp_rtp,sorcery: Fix invalid access and memory leak respectively.
Valgrind found a memory leak and invalid access.
* Fix invalid access by sscanf() being fed a non-nul terminated string of
digits in res/res_pjsip_sdp_rtp.c:get_codecs().
* Fix memory leak in main/sorcery.c:sorcery_object_field_destructor().
* Fix potential NULL pointer dereference in
main/xmldoc.c:xmldoc_get_syntax_config_option().
Review: https://reviewboard.asterisk.org/r/4513/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@433199 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res')
-rw-r--r-- | res/res_pjsip_sdp_rtp.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c index e55e255c4..ab801c9e7 100644 --- a/res/res_pjsip_sdp_rtp.c +++ b/res/res_pjsip_sdp_rtp.c @@ -180,7 +180,11 @@ static void get_codecs(struct ast_sip_session *session, const struct pjmedia_sdp } if ((pjmedia_sdp_attr_get_fmtp(attr, &fmtp)) == PJ_SUCCESS) { - sscanf(pj_strbuf(&fmtp.fmt), "%d", &num); + ast_copy_pj_str(fmt_param, &fmtp.fmt, sizeof(fmt_param)); + if (sscanf(fmt_param, "%30d", &num) != 1) { + continue; + } + if ((format = ast_rtp_codecs_get_payload_format(codecs, num))) { struct ast_format *format_parsed; |