Ticket #952 (closed defect: fixed)

Opened 9 years ago

Last modified 9 years ago

Error in calculating RTP packet extended header (thanks Thomas Falk for the patch)

Reported by: bennylp Owned by: nanang
Priority: normal Milestone: release-1.5
Component: pjmedia Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported:

Description

The code in the function pjmedia_rtp_decode_rtp (in pjmedia/src/pjmedia/rtp.c) calculates the size of the extended header in the wrong way. The following code calculates the offset of the payload after the extended header:

Line 169:

  /* Adjust offset if RTP extension is used. */
  if ((*hdr)->x) {
      pjmedia_rtp_ext_hdr *ext = (pjmedia_rtp_ext_hdr*)
                                  (((pj_uint8_t*)pkt) + offset);
      offset += (pj_ntohs(ext->length) * sizeof(pj_uint32_t));
  }

According to RFC 3550 the length of the extended header may be 0, even if there is an extended header. In this case the exented header consist of the extension header (32 bit) only.

In the above code ext->length is this length of the extended header. If there is an extended header the offset must be calculated to at least 1.

Change History

comment:1 Changed 9 years ago by bennylp

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in r2904

Note: See TracTickets for help on using tickets.