[asterisk-commits] rmudgett: branch certified-13.1 r433201 - in /certified/branches/13.1: ./ mai...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Mar 20 14:04:38 CDT 2015


Author: rmudgett
Date: Fri Mar 20 14:04:36 2015
New Revision: 433201

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=433201
Log:
res_pjsip_sdp_rtp,sorcery: Fix invalid access and memory leak respectively.

Valgrind found a memory leak and invalid access.

* Fix invalid access by sscanf() being fed a non-nul terminated string of
digits in res/res_pjsip_sdp_rtp.c:get_codecs().

* Fix memory leak in main/sorcery.c:sorcery_object_field_destructor().

* Fix potential NULL pointer dereference in
main/xmldoc.c:xmldoc_get_syntax_config_option().

Review: https://reviewboard.asterisk.org/r/4513/
........

Merged revisions 433199 from http://svn.asterisk.org/svn/asterisk/branches/13

Modified:
    certified/branches/13.1/   (props changed)
    certified/branches/13.1/main/sorcery.c
    certified/branches/13.1/main/xmldoc.c
    certified/branches/13.1/res/res_pjsip_sdp_rtp.c

Propchange: certified/branches/13.1/
------------------------------------------------------------------------------
Binary property 'branch-13-merged' - no diff available.

Modified: certified/branches/13.1/main/sorcery.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/13.1/main/sorcery.c?view=diff&rev=433201&r1=433200&r2=433201
==============================================================================
--- certified/branches/13.1/main/sorcery.c (original)
+++ certified/branches/13.1/main/sorcery.c Fri Mar 20 14:04:36 2015
@@ -1074,6 +1074,7 @@
 
 	if (object_field->name_regex) {
 		regfree(object_field->name_regex);
+		ast_free(object_field->name_regex);
 	}
 }
 

Modified: certified/branches/13.1/main/xmldoc.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/13.1/main/xmldoc.c?view=diff&rev=433201&r1=433200&r2=433201
==============================================================================
--- certified/branches/13.1/main/xmldoc.c (original)
+++ certified/branches/13.1/main/xmldoc.c Fri Mar 20 14:04:36 2015
@@ -1239,7 +1239,7 @@
 	regex = ast_xml_get_attribute(fixnode, "regex");
 	ast_str_set(&syntax, 0, "%s = [%s] (Default: %s) (Regex: %s)\n",
 		name,
-		type,
+		type ?: "",
 		default_value ?: "n/a",
 		regex ?: "False");
 

Modified: certified/branches/13.1/res/res_pjsip_sdp_rtp.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/13.1/res/res_pjsip_sdp_rtp.c?view=diff&rev=433201&r1=433200&r2=433201
==============================================================================
--- certified/branches/13.1/res/res_pjsip_sdp_rtp.c (original)
+++ certified/branches/13.1/res/res_pjsip_sdp_rtp.c Fri Mar 20 14:04:36 2015
@@ -183,7 +183,11 @@
 		}
 
 		if ((pjmedia_sdp_attr_get_fmtp(attr, &fmtp)) == PJ_SUCCESS) {
-			sscanf(pj_strbuf(&fmtp.fmt), "%d", &num);
+			ast_copy_pj_str(fmt_param, &fmtp.fmt, sizeof(fmt_param));
+			if (sscanf(fmt_param, "%30d", &num) != 1) {
+				continue;
+			}
+
 			if ((format = ast_rtp_codecs_get_payload_format(codecs, num))) {
 				struct ast_format *format_parsed;
 




More information about the asterisk-commits mailing list