[asterisk-bugs] [JIRA] (ASTERISK-28480) json integer overflow in ssrc and timestamp

Asterisk Team (JIRA) noreply at issues.asterisk.org
Thu Sep 12 16:21:49 CDT 2019


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-28480:
-------------------------------------

    Target Release Version/s: 16.6.0

> json integer overflow in ssrc and timestamp
> -------------------------------------------
>
>                 Key: ASTERISK-28480
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28480
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/RTP
>    Affects Versions: 13.26.0
>            Reporter: Salah Ahmed
>            Assignee: Kevin Harwell
>            Severity: Minor
>      Target Release: 17.0.0, 13.29.0, 16.6.0
>
>
> Hello,
> Recently we have found some integer overflow in ssrc and timestamp. After some research we have found jansson library has 3 types of integers representation. 
> i (integer) [int]: Convert a C int to JSON integer.
> I (integer) [json_int_t]: Convert a C json_int_t to JSON integer.
> f (real) [double]: Convert a C double to JSON real.
> In some places "i" being used for ssrc and timestamp. Some time those values are get negative for some big number(Close to Max Unsigned Int). If use "I" instead of "i" this will be fixed for all cases.
> Thanks,
> Salah 



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list