![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
#1866 closed defect (fixed)
More crash in SDP negotiator due to invalid memory access
| Reported by: | nanang | Owned by: | nanang |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.4.5 |
| Component: | pjmedia | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description
This issue is related to #1834. INVITE session uses an alternating set of memory pools where the last used is reset after a cycle of SDP negotiation, this requires SDP negotiator to retain some of its internal states using the current pool in each SDP negotiation cycle. This ticket will refactor the management of internal state initial_sdp.
The initial_sdp contains local capability (original complete local SDP) provided by application when setting local offer. Currently it needs to be retained for initial and subsequent SDP negotiation operations, one of its usage is to be the default SDP when application supplied NULL SDP in pjmedia_sdp_neg_set_local_answer().
There are some scenarios of SDP negotiation that may cause initial_sdp to be invalid, e.g:
- remote sends re-offer, so local supplies initial answer and initial_sdp is updated using pool 1, but SDP negotiation fails (e.g: due to no matching codec) and the pool 1 is then reset
- local sends re-offer, so initial_sdp is updated using pool 1, but SDP negotiation fails and the pool 1 is then reset
- SDP negotiation cancellation (due to no remote answer) may not immediately cause initial_sdp to be invalid, but as initial_sdp is allocated using provisional pool, it is considered risky as provisional pool is not active pool, it may be reset by other component on any event.
Here are SDP offer/answer operations and actions to be done on initial_sdp:
- updating local capability via pjmedia_sdp_neg_modify_local_offer, pjmedia_sdp_neg_send_local_offer, or pjmedia_sdp_neg_set_local_answer:
- save current initial_sdp to a temporary variable (for reverting back later if needed) and update initial_sdp with the new local SDP offer
- (local/remote) offer cancelled via pjmedia_sdp_neg_cancel_offer:
- revert back initial_sdp when the offerer is local
- negotiation failure (pjmedia_sdp_neg_negotiate):
- revert back initial_sdp
- negotiation success (pjmedia_sdp_neg_negotiate):
- nothing, the provisional pool will become the active pool
Change History (2)
comment:1 Changed 9 years ago by nanang
- Resolution set to fixed
- Status changed from new to closed
comment:2 Changed 9 years ago by nanang
In 5130:
In 5129: