[Asterisk-code-review] rtp engine: rtcp report to json can overflow the ssrc intege... (asterisk[16])

Kevin Harwell asteriskteam at digium.com
Fri Sep 14 16:39:14 CDT 2018


Kevin Harwell has uploaded this change for review. ( https://gerrit.asterisk.org/10148 )


Change subject: rtp_engine: rtcp_report_to_json can overflow the ssrc integer value
......................................................................

rtp_engine: rtcp_report_to_json can overflow the ssrc integer value

When writing an RTCP report to json the code attempts to pack the "ssrc" and
"source_ssrc" unsigned integer values as a signed int value type. This of course
means if the ssrc's unsigned value is greater than that which can fit into a
signed integer value it gets converted to a negative number. Subsequently, the
negative value goes out in the json report.

This patch now packs the value as a json_int_t, which is the widest integer type
available on a given system. This should make it so the value no longer
overflows.

Note, this was caught by two failing tests hep/rtcp-receiver/ and
hep/rtcp-sender.

Change-Id: I2af275286ee5e795b79f0c3d450d9e4b28e958b0
---
M main/rtp_engine.c
1 file changed, 2 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/48/10148/1

diff --git a/main/rtp_engine.c b/main/rtp_engine.c
index 3d50774..a6ee9d5 100644
--- a/main/rtp_engine.c
+++ b/main/rtp_engine.c
@@ -3379,7 +3379,7 @@
 		char str_lsr[32];
 
 		snprintf(str_lsr, sizeof(str_lsr), "%u", payload->report->report_block[i]->lsr);
-		json_report_block = ast_json_pack("{s: i, s: i, s: i, s: i, s: i, s: s, s: i}",
+		json_report_block = ast_json_pack("{s: I, s: i, s: i, s: i, s: i, s: s, s: i}",
 			"source_ssrc", payload->report->report_block[i]->source_ssrc,
 			"fraction_lost", payload->report->report_block[i]->lost_count.fraction,
 			"packets_lost", payload->report->report_block[i]->lost_count.packets,
@@ -3412,7 +3412,7 @@
 		}
 	}
 
-	json_rtcp_report = ast_json_pack("{s: i, s: i, s: i, s: o, s: o}",
+	json_rtcp_report = ast_json_pack("{s: I, s: i, s: i, s: o, s: o}",
 		"ssrc", payload->report->ssrc,
 		"type", payload->report->type,
 		"report_count", payload->report->reception_report_count,

-- 
To view, visit https://gerrit.asterisk.org/10148

Gerrit-Project: asterisk
Gerrit-Branch: 16
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2af275286ee5e795b79f0c3d450d9e4b28e958b0
Gerrit-Change-Number: 10148
Gerrit-PatchSet: 1
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>