Changeset 572

Timestamp:

Jul 2, 2006 1:36:50 PM (18 years ago)

Author:

bennylp

Message:

Fixed bug in SDP rtpmap parsing that caused SDP failed to parse the rtpmap attribute (because input is not null terminated)

File:

• pjproject/trunk/pjmedia/src/pjmedia/sdp.c (modified) (4 diffs)

pjproject/trunk/pjmedia/src/pjmedia/sdp.c

@@ -102 +102 @@
 
     if (value)
-        pj_strdup(pool, &attr->value, value);
+        pj_strdup_with_null(pool, &attr->value, value);
     else {
         attr->value.ptr = NULL;
@@ -121 +121 @@
 
     pj_strdup(pool, &attr->name, &rhs->name);
-    pj_strdup(pool, &attr->value, &rhs->value);
+    pj_strdup_with_null(pool, &attr->value, &rhs->value);
 
     return attr;
@@ -250 +250 @@
     pj_str_t token;
     pj_status_t status = -1;
+    char term = 0;
     PJ_USE_EXCEPTION;
 
     PJ_ASSERT_RETURN(pj_strcmp2(&attr->name, "rtpmap")==0, PJ_EINVALIDOP);
+
+    PJ_ASSERT_RETURN(attr->value.slen != 0, PJMEDIA_SDP_EINATTR);
+
+    /* Check if input is null terminated, and null terminate if
+     * necessary. Unfortunately this may crash the application if
+     * attribute was allocated from a read-only memory location.
+     * But this shouldn't happen as attribute's value normally is
+     * null terminated.
+     */
+    if (attr->value.ptr[attr->value.slen] != 0 &&
+        attr->value.ptr[attr->value.slen] != '\r')
+    {
+        pj_assert(!"Shouldn't happen");
+        term = attr->value.ptr[attr->value.slen];
+        attr->value.ptr[attr->value.slen] = '\0';
+    }
 
     pj_scan_init(&scanner, (char*)attr->value.ptr, attr->value.slen,
@@ -311 +328 @@
 on_return:
     pj_scan_fini(&scanner);
+    if (term) {
+        attr->value.ptr[attr->value.slen] = term;
+    }
     return status;
 }