[asterisk-users] More issues with Siren14 datalen == 0 packets
Richard Kenner
kenner at gnat.com
Wed Apr 12 07:50:11 CDT 2017
Another crash with a packet:
$10 = {frametype = AST_FRAME_VOICE, subclass = {integer = 0,
format = 0x12c62170, frame_ending = 0}, datalen = 0, samples = 640,
mallocd = 1, mallocd_hdr_len = 324, offset = 64,
src = 0x2ad290064a08 "siren14tolin32/speex", data = {ptr = 0x80893318,
uint32 = 2156475160, pad = "\030\063\211\200\000\000\000"}, delivery = {
tv_sec = 1492000520, tv_usec = 225198}, frame_list = {next = 0x0},
flags = 0, ts = 0, len = 0, seqno = 0}
Note that datalen is zero, but samples aren't.
main/slinfactory.c near line 177 doesn't check for datalen of zero,
but copies using samples.
Fixed thusly:
*** slinfactory.c.orig 2017-02-13 15:00:19.000000000 -0500
--- slinfactory.c 2017-04-12 08:48:16.000000000 -0400
***************
*** 174,178 ****
frame_data = frame_ptr->data.ptr;
! if (frame_ptr->samples <= ineed) {
memcpy(offset, frame_data, frame_ptr->samples * sizeof(*offset));
sofar += frame_ptr->samples;
--- 174,180 ----
frame_data = frame_ptr->data.ptr;
! if (frame_ptr->datalen == 0)
! ;
! else if (frame_ptr->samples <= ineed) {
memcpy(offset, frame_data, frame_ptr->samples * sizeof(*offset));
sofar += frame_ptr->samples;
How many more of these cases are there going to be?
Why is samples being used as a length instead of datalen?
More information about the asterisk-users
mailing list