Module: sems Branch: 1.4 Commit: 01213516382d1f6f283625a9e455824929ca6bb7 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sems/?a=commit;h=01213516382d1f6f283625a9e455824929ca6bb7
Author: Raphael Coeffic <[email protected]> Committer: Raphael Coeffic <[email protected]> Date: Thu Feb 28 12:55:46 2013 +0100 b/f: hot fix for possible infinite loop in PacketMem::newPacket() If PacketMem::freePacket() is called twice for the same packet, the RTP receiver would block for ever in PacketMem::newPacket(). Many thanks to our anonymous friend at onat.edu.ua! --- core/AmRtpStream.cpp | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/core/AmRtpStream.cpp b/core/AmRtpStream.cpp index bb2b0a4..b1c6209 100644 --- a/core/AmRtpStream.cpp +++ b/core/AmRtpStream.cpp @@ -792,6 +792,15 @@ inline AmRtpPacket* PacketMem::newPacket() { inline void PacketMem::freePacket(AmRtpPacket* p) { if (!p) return; + int idx = p-packets; + assert(idx > 0); + assert(idx < MAX_PACKETS); + + if(!used[idx]) { + ERROR("freePacket() double free: n_used = %d, idx = %d",n_used,idx); + return; + } + used[p-packets] = false; } _______________________________________________ Semsdev mailing list [email protected] http://lists.iptel.org/mailman/listinfo/semsdev
