[vlc-devel] [PATCH] Issues with SDP parsing
Alexander Gall
gall at switch.ch
Mon Mar 6 17:05:13 CET 2006
I believe that the "m=" field is mandatory in SDP. Currently,
modules/services_discovery/sap.c:ParseConnection() accepts such a
session description. However, in that case, psz_proto is NULL
(because it's extracted from the media description) and the subsequent
asprintf() call on line 1042 crashes with a NULL pointer dereference.
If a media description is present, the code checks whether the port is
in the range [1, 65535]. It only prints a warning if the port is out
of bounds and continues anyway, which doesn't make sense.
Finally, when the parser detects an error, it typically generates a
warn/debug message that contains the offending string. However, due
to the method used for parsing (searching for the next space character
and replacing it with a '\0'), only the first word is printed, e.g.
[00000510] sap private debug: incorrect c field, IN
when the complete c= field is actually "IN IP4 224.1.1.1". This
occurs in many places throughout sap.c. It's not very important but
makes the messages less useful than they could be. I didn't attempt
to fix it.
--
Alex
--- vlc-0.8.5-20060306.orig/modules/services_discovery/sap.c 2006-03-06 13:27:15.000000000 +0100
+++ vlc-0.8.5-20060306/modules/services_discovery/sap.c 2006-03-06 16:42:45.456729000 +0100
@@ -985,6 +985,8 @@
if( i_port <= 0 || i_port >= 65536 )
{
msg_Warn( p_obj, "invalid transport port %i", i_port );
+ FREE( psz_uri );
+ return VLC_EGENERIC;
}
psz_parse = psz_eof + 1;
@@ -1013,6 +1015,10 @@
p_sdp->i_media_type = 33;
psz_proto = strdup( psz_parse );
}
+ } else {
+ msg_Warn( p_obj, "missing m field" );
+ FREE( psz_uri );
+ return VLC_EGENERIC;
}
if( psz_proto && !strncmp( psz_proto, "RTP/AVP", 7 ) )
--
This is the vlc-devel mailing-list, see http://www.videolan.org/vlc/
To unsubscribe, please read http://developers.videolan.org/lists.html
More information about the vlc-devel
mailing list