Author: rmudgett Date: Fri Mar 20 13:23:57 2015 New Revision: 433199 URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=433199 Log: res_pjsip_sdp_rtp,sorcery: Fix invalid access and memory leak respectively.
Valgrind found a memory leak and invalid access. * Fix invalid access by sscanf() being fed a non-nul terminated string of digits in res/res_pjsip_sdp_rtp.c:get_codecs(). * Fix memory leak in main/sorcery.c:sorcery_object_field_destructor(). * Fix potential NULL pointer dereference in main/xmldoc.c:xmldoc_get_syntax_config_option(). Review: https://reviewboard.asterisk.org/r/4513/ Modified: branches/13/main/sorcery.c branches/13/main/xmldoc.c branches/13/res/res_pjsip_sdp_rtp.c Modified: branches/13/main/sorcery.c URL: http://svnview.digium.com/svn/asterisk/branches/13/main/sorcery.c?view=diff&rev=433199&r1=433198&r2=433199 ============================================================================== --- branches/13/main/sorcery.c (original) +++ branches/13/main/sorcery.c Fri Mar 20 13:23:57 2015 @@ -1078,6 +1078,7 @@ if (object_field->name_regex) { regfree(object_field->name_regex); + ast_free(object_field->name_regex); } } Modified: branches/13/main/xmldoc.c URL: http://svnview.digium.com/svn/asterisk/branches/13/main/xmldoc.c?view=diff&rev=433199&r1=433198&r2=433199 ============================================================================== --- branches/13/main/xmldoc.c (original) +++ branches/13/main/xmldoc.c Fri Mar 20 13:23:57 2015 @@ -1239,7 +1239,7 @@ regex = ast_xml_get_attribute(fixnode, "regex"); ast_str_set(&syntax, 0, "%s = [%s] (Default: %s) (Regex: %s)\n", name, - type, + type ?: "", default_value ?: "n/a", regex ?: "False"); Modified: branches/13/res/res_pjsip_sdp_rtp.c URL: http://svnview.digium.com/svn/asterisk/branches/13/res/res_pjsip_sdp_rtp.c?view=diff&rev=433199&r1=433198&r2=433199 ============================================================================== --- branches/13/res/res_pjsip_sdp_rtp.c (original) +++ branches/13/res/res_pjsip_sdp_rtp.c Fri Mar 20 13:23:57 2015 @@ -180,7 +180,11 @@ } if ((pjmedia_sdp_attr_get_fmtp(attr, &fmtp)) == PJ_SUCCESS) { - sscanf(pj_strbuf(&fmtp.fmt), "%d", &num); + ast_copy_pj_str(fmt_param, &fmtp.fmt, sizeof(fmt_param)); + if (sscanf(fmt_param, "%30d", &num) != 1) { + continue; + } + if ((format = ast_rtp_codecs_get_payload_format(codecs, num))) { struct ast_format *format_parsed; -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits
