Module: sems Branch: 1.5 Commit: ea1dc3598f053f725983ad9b8008a43b8a30fcf4 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sems/?a=commit;h=ea1dc3598f053f725983ad9b8008a43b8a30fcf4
Author: Raphael Coeffic <[email protected]> Committer: Raphael Coeffic <[email protected]> Date: Thu Feb 28 12:55:46 2013 +0100 b/f: hot fix for possible infinite loop in PacketMem::newPacket() If PacketMem::freePacket() is called twice for the same packet, the RTP receiver would block for ever in PacketMem::newPacket(). Many thanks to our anonymous friend at onat.edu.ua! --- core/AmRtpStream.cpp | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/core/AmRtpStream.cpp b/core/AmRtpStream.cpp index 34c229e..02a7e37 100644 --- a/core/AmRtpStream.cpp +++ b/core/AmRtpStream.cpp @@ -1021,6 +1021,15 @@ inline AmRtpPacket* PacketMem::newPacket() { inline void PacketMem::freePacket(AmRtpPacket* p) { if (!p) return; + int idx = p-packets; + assert(idx > 0); + assert(idx < MAX_PACKETS); + + if(!used[idx]) { + ERROR("freePacket() double free: n_used = %d, idx = %d",n_used,idx); + return; + } + used[p-packets] = false; } _______________________________________________ Semsdev mailing list [email protected] http://lists.iptel.org/mailman/listinfo/semsdev
