[asterisk-commits] rmudgett: branch certified-13.1 r433201 - in /certified/branches/13.1: ./ mai...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Fri Mar 20 14:04:38 CDT 2015
Author: rmudgett
Date: Fri Mar 20 14:04:36 2015
New Revision: 433201
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=433201
Log:
res_pjsip_sdp_rtp,sorcery: Fix invalid access and memory leak respectively.
Valgrind found a memory leak and invalid access.
* Fix invalid access by sscanf() being fed a non-nul terminated string of
digits in res/res_pjsip_sdp_rtp.c:get_codecs().
* Fix memory leak in main/sorcery.c:sorcery_object_field_destructor().
* Fix potential NULL pointer dereference in
main/xmldoc.c:xmldoc_get_syntax_config_option().
Review: https://reviewboard.asterisk.org/r/4513/
........
Merged revisions 433199 from http://svn.asterisk.org/svn/asterisk/branches/13
Modified:
certified/branches/13.1/ (props changed)
certified/branches/13.1/main/sorcery.c
certified/branches/13.1/main/xmldoc.c
certified/branches/13.1/res/res_pjsip_sdp_rtp.c
Propchange: certified/branches/13.1/
------------------------------------------------------------------------------
Binary property 'branch-13-merged' - no diff available.
Modified: certified/branches/13.1/main/sorcery.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/13.1/main/sorcery.c?view=diff&rev=433201&r1=433200&r2=433201
==============================================================================
--- certified/branches/13.1/main/sorcery.c (original)
+++ certified/branches/13.1/main/sorcery.c Fri Mar 20 14:04:36 2015
@@ -1074,6 +1074,7 @@
if (object_field->name_regex) {
regfree(object_field->name_regex);
+ ast_free(object_field->name_regex);
}
}
Modified: certified/branches/13.1/main/xmldoc.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/13.1/main/xmldoc.c?view=diff&rev=433201&r1=433200&r2=433201
==============================================================================
--- certified/branches/13.1/main/xmldoc.c (original)
+++ certified/branches/13.1/main/xmldoc.c Fri Mar 20 14:04:36 2015
@@ -1239,7 +1239,7 @@
regex = ast_xml_get_attribute(fixnode, "regex");
ast_str_set(&syntax, 0, "%s = [%s] (Default: %s) (Regex: %s)\n",
name,
- type,
+ type ?: "",
default_value ?: "n/a",
regex ?: "False");
Modified: certified/branches/13.1/res/res_pjsip_sdp_rtp.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/13.1/res/res_pjsip_sdp_rtp.c?view=diff&rev=433201&r1=433200&r2=433201
==============================================================================
--- certified/branches/13.1/res/res_pjsip_sdp_rtp.c (original)
+++ certified/branches/13.1/res/res_pjsip_sdp_rtp.c Fri Mar 20 14:04:36 2015
@@ -183,7 +183,11 @@
}
if ((pjmedia_sdp_attr_get_fmtp(attr, &fmtp)) == PJ_SUCCESS) {
- sscanf(pj_strbuf(&fmtp.fmt), "%d", &num);
+ ast_copy_pj_str(fmt_param, &fmtp.fmt, sizeof(fmt_param));
+ if (sscanf(fmt_param, "%30d", &num) != 1) {
+ continue;
+ }
+
if ((format = ast_rtp_codecs_get_payload_format(codecs, num))) {
struct ast_format *format_parsed;
More information about the asterisk-commits
mailing list