diff options
| author | Benny Prijono <bennylp@teluu.com> | 2006-07-02 13:36:50 +0000 |
|---|---|---|
| committer | Benny Prijono <bennylp@teluu.com> | 2006-07-02 13:36:50 +0000 |
| commit | ddd1da862bcdb019a518991245c1deed6d18c1ab (patch) | |
| tree | 97256117c1de5f1eaec7295283453581c2f392df | |
| parent | 889725a80d4f27b951352e90688becd9fbaf3f8a (diff) | |
Fixed bug in SDP rtpmap parsing that caused SDP failed to parse the rtpmap attribute (because input is not null terminated)
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@572 74dad513-b988-da41-8d7b-12977e46ad98
| -rw-r--r-- | pjmedia/src/pjmedia/sdp.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/pjmedia/src/pjmedia/sdp.c b/pjmedia/src/pjmedia/sdp.c index 57e89874..09e5217f 100644 --- a/pjmedia/src/pjmedia/sdp.c +++ b/pjmedia/src/pjmedia/sdp.c @@ -101,7 +101,7 @@ PJ_DEF(pjmedia_sdp_attr*) pjmedia_sdp_attr_create( pj_pool_t *pool, pj_strdup2(pool, &attr->name, name); if (value) - pj_strdup(pool, &attr->value, value); + pj_strdup_with_null(pool, &attr->value, value); else { attr->value.ptr = NULL; attr->value.slen = 0; @@ -120,7 +120,7 @@ PJ_DEF(pjmedia_sdp_attr*) pjmedia_sdp_attr_clone(pj_pool_t *pool, attr = pj_pool_alloc(pool, sizeof(pjmedia_sdp_attr)); pj_strdup(pool, &attr->name, &rhs->name); - pj_strdup(pool, &attr->value, &rhs->value); + pj_strdup_with_null(pool, &attr->value, &rhs->value); return attr; } @@ -249,10 +249,27 @@ PJ_DEF(pj_status_t) pjmedia_sdp_attr_get_rtpmap( const pjmedia_sdp_attr *attr, pj_scanner scanner; pj_str_t token; pj_status_t status = -1; + char term = 0; PJ_USE_EXCEPTION; PJ_ASSERT_RETURN(pj_strcmp2(&attr->name, "rtpmap")==0, PJ_EINVALIDOP); + PJ_ASSERT_RETURN(attr->value.slen != 0, PJMEDIA_SDP_EINATTR); + + /* Check if input is null terminated, and null terminate if + * necessary. Unfortunately this may crash the application if + * attribute was allocated from a read-only memory location. + * But this shouldn't happen as attribute's value normally is + * null terminated. + */ + if (attr->value.ptr[attr->value.slen] != 0 && + attr->value.ptr[attr->value.slen] != '\r') + { + pj_assert(!"Shouldn't happen"); + term = attr->value.ptr[attr->value.slen]; + attr->value.ptr[attr->value.slen] = '\0'; + } + pj_scan_init(&scanner, (char*)attr->value.ptr, attr->value.slen, PJ_SCAN_AUTOSKIP_WS, &on_scanner_error); @@ -310,6 +327,9 @@ PJ_DEF(pj_status_t) pjmedia_sdp_attr_get_rtpmap( const pjmedia_sdp_attr *attr, on_return: pj_scan_fini(&scanner); + if (term) { + attr->value.ptr[attr->value.slen] = term; + } return status; } |