Opened 15 years ago

Closed 15 years ago

#952 closed defect (fixed)

Error in calculating RTP packet extended header (thanks Thomas Falk for the patch)

Reported by: bennylp Owned by: nanang
Priority: normal Milestone: release-1.5
Component: pjmedia Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported:

Description

The code in the function pjmedia_rtp_decode_rtp (in pjmedia/src/pjmedia/rtp.c) calculates the size of the extended header in the wrong way. The following code calculates the offset of the payload after the
extended header:

Line 169:

  /* Adjust offset if RTP extension is used. */
  if ((*hdr)->x) {
      pjmedia_rtp_ext_hdr *ext = (pjmedia_rtp_ext_hdr*)
                                  (((pj_uint8_t*)pkt) + offset);
      offset += (pj_ntohs(ext->length) * sizeof(pj_uint32_t));
  }

According to RFC 3550 the length of the extended header may be 0, even if there is an extended header. In this case the exented header consist of the extension header (32 bit) only.

In the above code ext->length is this length of the extended header. If there is an extended header the offset must be calculated to at least 1.

Change History (1)

comment:1 Changed 15 years ago by bennylp

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in r2904

Note: See TracTickets for help on using tickets.