mirror of https://github.com/sipwise/rtpengine.git
`packet_sequencer_init()` initializes
`packet_sequencer_t` sequence to -1 always.
So make sure to set `uint16_t` later not to
an underflowing value, which can potentially
set the `uint16_t` object type to some insanely
big value.
Fixes:
/daemon/codec.c: 1893 in __handler_func_sequencer()
1887 if (!seq) {
1888 seq = g_slice_alloc0(sizeof(*seq));
1889 packet_sequencer_init(seq, (GDestroyNotify) __transcode_packet_free);
1890 g_hash_table_insert(ssrc_in_p->sequencers, mp->media_out, seq);
1891 }
1892
>>> CID 1616503: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "seq_ori", where "seq->seq" is known to be equal to -1, overflows the type of "seq_ori", which is type "uint16_t".
1893 uint16_t seq_ori = seq->seq;
1894 int seq_ret = packet_sequencer_insert(seq, &packet->p);
1895 if (seq_ret < 0) {
1896 // dupe
1897 int func_ret = 0;
1898 if (packet->dup_func)
** CID 1616502: (LOCK_EVASION)
/daemon/media_player.c: 487 in media_player_read_decoded_packet()
/daemon/media_player.c: 479 in media_player_read_decoded_packet()
Change-Id: Ifbd68021f17866aa9b7482b1bd42e2acf1c25dfa
pull/1897/head
Donat Zenichev
11 months ago
parent
08c482282f
commit
ce9f91aa8d
Loading…
Reference in new issue