[asterisk-bugs] [JIRA] (ASTERISK-28480) json integer overflow in ssrc and timestamp

Thu Dec 12 05:58:32 CST 2019

     [ https://issues.asterisk.org/jira/browse/ASTERISK-28480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-28480:
-------------------------------------

    Target Release Version/s: 17.1.0

> json integer overflow in ssrc and timestamp
> -------------------------------------------
>
>                 Key: ASTERISK-28480
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28480
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/RTP
>    Affects Versions: 13.26.0
>            Reporter: Salah Ahmed
>            Assignee: Kevin Harwell
>            Severity: Minor
>      Target Release: 13.29.0, 16.6.0, 17.0.0, 17.1.0
>
>
> Hello,
> Recently we have found some integer overflow in ssrc and timestamp. After some research we have found jansson library has 3 types of integers representation. 
> i (integer) [int]: Convert a C int to JSON integer.
> I (integer) [json_int_t]: Convert a C json_int_t to JSON integer.
> f (real) [double]: Convert a C double to JSON real.
> In some places "i" being used for ssrc and timestamp. Some time those values are get negative for some big number(Close to Max Unsigned Int). If use "I" instead of "i" this will be fixed for all cases.
> Thanks,
> Salah 


--
This message was sent by Atlassian JIRA
(v6.2#6252)