asterisk/third-party/pjproject/patches/0060-sip_msg-Prevent-crash-on-header-without-vptr.patch

From 88409082a4cbf27b308c76c148270ee72fdcb503 Mon Sep 17 00:00:00 2001
From: Riza Sulistyo <riza@teluu.com>
Date: Wed, 17 Jan 2018 11:30:52 +0000
Subject: [PATCH] r5727 svn backport sip_msg: Prevent crash on header without
 vptr

Re #2059 (misc): Prevent corrupt header from causing a crash when printed.
Thanks to George Joseph for the patch.

Occasionally a header with no vptr gets into the list of header.  This
causes a crash when printing them.  We still need to figure out how
the header got there but this patch at least prevents the crash by checking
for a non-NULL vptr before attempting to call its print function.
---
 pjsip/src/pjsip/sip_msg.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pjsip/src/pjsip/sip_msg.c b/pjsip/src/pjsip/sip_msg.c
index a13f80e..8819dd9 100644
--- a/pjsip/src/pjsip/sip_msg.c
+++ b/pjsip/src/pjsip/sip_msg.c
@@ -26,6 +26,7 @@
 #include <pj/string.h>
 #include <pj/pool.h>
 #include <pj/assert.h>
+#include <pj/log.h>
 #include <pjlib-util/string.h>
 
 PJ_DEF_DATA(const pjsip_method) pjsip_invite_method =
@@ -461,8 +462,13 @@ PJ_DEF(pj_ssize_t) pjsip_msg_print( const pjsip_msg *msg,
     /* Print each of the headers. */
     for (hdr=msg->hdr.next; hdr!=&msg->hdr; hdr=hdr->next) {
 	len = pjsip_hdr_print_on(hdr, p, end-p);
-	if (len < 0)
-	    return -1;
+	if (len < 0) {
+	   if (len == -2) {
+	       PJ_LOG(5, ("sip_msg", "Header with no vptr encountered!! "\
+			  "Current buffer: %.*s", (int)(p-buf), buf));
+	   }
+	   return len;
+	}
 
 	if (len > 0) {
 	    p += len;
@@ -578,6 +584,7 @@ PJ_DEF(void*) pjsip_hdr_shallow_clone( pj_pool_t *pool, const void *hdr_ptr )
 PJ_DEF(int) pjsip_hdr_print_on( void *hdr_ptr, char *buf, pj_size_t len)
 {
     pjsip_hdr *hdr = (pjsip_hdr*) hdr_ptr;
+    PJ_ASSERT_RETURN(hdr->vptr, -2);
     return (*hdr->vptr->print_on)(hdr_ptr, buf, len);
 }
 
-- 
2.7.4