Custom Query (2195 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (91 - 93 of 2195)

21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
Ticket Resolution Summary Owner Reporter
#2174 fixed Fix out of bound error when enabling GnuTLS bennylp riza
Description

When using GnuTLS, tls_init() will save cipher suite info to local array and might raise out of bound error if GnuTLS has more supported cipher suite then the maximum array size (MAX_CIPHERS=100).

This patch will not allow adding more cipher once the local array is full.

Thanks to Hugo Lefeuvre for the report and initial patch.

#2173 fixed On PJSUA2, application will not be notified when when SDP nego fails due to unsupported codec. bennylp riza
Description

Ticket #1916 enables on_incoming_call() called from on_create_media_transport() for PJSUA2.

However, after the on_incoming_call() invocation, there is a chance that the call is disconnected by the library (e.g: due to unsupported codec or unsupported SIP capability requirement). Unfortunately, there is a bug in the library that application will not be informed about the call disconnection in such scenario.

The patch will add check for codec and capability support from the SDP before calling on_incoming_call(). In this case, when the check fails then on_incoming_call() will not be called.

However, actually there is still a chance of failure in further step of call verification, so the call may get rejected by the library after incoming call callback is invoked. In this case, call state callback on_call_state() will be invoked to notify application about call disconnection.

Thanks to Ryan Wallach for the report.

#2172 fixed Crash due to double reference decrements in timer bennylp nanang
Description

The cancel() inside cancel_timer() returns zero when a timer entry is invalid or its expiration callback is being invoked (as the entry is removed already). Unfortunately the cancel_timer() does not check the count returned by cancel() and always proceed further with pj_grp_lock_dec_ref().

This is a bad news if at the same time the entry callback is being invoked by pj_timer_heap_poll() as pj_grp_lock_dec_ref() will be called after the callback returns. Note that the pj_grp_lock_dec_ref() may cause group lock ref count reaching zero, where all member objects of the group lock will invoke their destructors (usually freeing up any memory allocations), so the next pj_grp_lock_dec_ref() will access invalid/freed memory address.

Thanks Keerthi Kumar Thovi for the report and the analysis.

21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
Note: See TracQuery for help on using queries.