Hi Greg, thanks for your very precise report! I just had a look at it and would appreciate it if you could test with the patch included in this email. With the fix you suggested, it seems to me that it would basically break the automatic inclusion of the SDP answer in PRACK or ACK in the case of an offerless INVITE sent as part of a call initiated by SEMS.
Cheers, Raphael.
Attachment: 0001-b-f-fixes-uninitialized-SDP-body-pointer.patch (binary data)
On 03.10.2012, at 23:26, Greg Doerr wrote:
> Greetings,
>
> It appears that there is a bug in the Offer/Answer logic that creates a
> potential SEGFAULT condition.
>
> After the state is saved in AmOfferAnswer::OnRequestOut (line 294) the
> generate_sdp flag is tested before setting the payload in the SDP body. It is
> possible for sdp_body to be null on entering the block and cause the
> segfault.
>
> A potential solution is to add a check for sdp_body being null in line 308 as
> follows:
>
> was: if (generate_sdp) {
> to: if (generate_sdp && sdp_body) {
>
> I observed a few segfaults in my testing prior to applying this patch. I have
> not had any occurrences (from this cause) since applying the patch. I am not
> confident enough in my understanding of the Offer/Answer logic to know if
> this is the best way to address the issue.
>
> Greg Doerr
>
> _______________________________________________
> Semsdev mailing list
> [email protected]
> http://lists.iptel.org/mailman/listinfo/semsdev
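The two fixes discussed in this thread behave differently when `sdp_body` is null, which is the point Raphael raises. The following is an added illustration, not code from SEMS and not the patch attached to this mail (which is not visible here): it models the `generate_sdp` / `sdp_body` check from `AmOfferAnswer::OnRequestOut` with stand-in types (`OutgoingRequest`, `SdpBody`, `build_sdp_answer` are assumptions) and contrasts Greg's guard, which skips SDP generation when the body pointer is null, with a variant that allocates a body so the answer is still attached. The ownership model in the allocating variant is also an assumption.

```cpp
#include <cassert>
#include <memory>
#include <string>

// Hypothetical stand-ins for the SEMS types (assumed names, not the real API).
struct SdpBody {
    std::string payload;
};

struct OutgoingRequest {
    bool generate_sdp = false;    // the flag the report refers to
    SdpBody* sdp_body = nullptr;  // may legitimately be null on entry
};

// Stub for whatever produces the SDP answer text (constructed sample).
static std::string build_sdp_answer() {
    return "v=0\r\no=- 0 0 IN IP4 0.0.0.0\r\ns=-\r\nt=0 0\r\n";
}

// Variant 1: the guard from the report ("if (generate_sdp && sdp_body)").
// It never dereferences a null pointer, but when sdp_body is null the SDP
// answer is silently not generated, which is the regression Raphael worries
// about for offerless INVITEs: the PRACK/ACK would go out without an answer.
// Returns true when the answer was written into the body.
bool on_request_out_guarded(OutgoingRequest& req) {
    if (req.generate_sdp && req.sdp_body) {
        req.sdp_body->payload = build_sdp_answer();
        return true;
    }
    return false;
}

// Variant 2 (an assumption for illustration, not the attached patch):
// allocate the body when it is missing so the answer is still attached.
// The caller supplies a unique_ptr that takes ownership of the new body.
bool on_request_out_allocating(OutgoingRequest& req,
                               std::unique_ptr<SdpBody>& owner) {
    if (!req.generate_sdp) {
        return false;
    }
    if (!req.sdp_body) {
        owner = std::make_unique<SdpBody>();
        req.sdp_body = owner.get();
    }
    req.sdp_body->payload = build_sdp_answer();
    return true;
}

int main() {
    // Case from the report: generate_sdp set, but no body attached yet.
    OutgoingRequest req;
    req.generate_sdp = true;

    // The guard avoids the crash but produces no answer.
    assert(!on_request_out_guarded(req));
    assert(req.sdp_body == nullptr);

    // The allocating variant attaches a body and fills it.
    std::unique_ptr<SdpBody> owner;
    assert(on_request_out_allocating(req, owner));
    assert(req.sdp_body != nullptr && !req.sdp_body->payload.empty());
    return 0;
}
```

With `generate_sdp` set and `sdp_body` null, the guarded handler returns `false` and leaves the request without SDP, while the allocating handler returns `true` and attaches one; which behaviour is correct depends on whether the missing body is an error or simply "not created yet", which is exactly what a tester can check with the attached patch.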