kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Coverity reported an Uninitialized pointer read. Upon further digging it appears that there is a code path where incoming packets can come in out of order, so this section of code tries to see if it can find the missed packets. As per FS-5202 there is a case where under heavy load the packet exists, and has most of the packet parsed, but still has a NULL pointer for the packet buffer. These two lines would at least help detect the edge case.

This commit is contained in:
William King 2013-05-18 17:34:16 -07:00
parent bd4ea84242
commit f3393ef362
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/mod/applications/mod_spandsp/udptl.c
View File

@ -74,6 +74,10 @@ static int decode_open_type(const uint8_t *buf, int limit, int *len, const uint8
if ((*len + octet_cnt) > limit) if ((*len + octet_cnt) > limit)
return -1; return -1;
/* Was told the buffer was large enough, but in reality it didn't exist. FS-5202 */
if ( buf[*len] == NULL )
return -1;
*pbuf = &buf[*len]; *pbuf = &buf[*len];
*len += octet_cnt; *len += octet_cnt;
} }
@ -159,7 +163,7 @@ int udptl_rx_packet(udptl_state_t *s, const uint8_t buf[], int len)
const uint8_t *data; const uint8_t *data;
int msg_len; int msg_len;
int repaired[16]; int repaired[16];
const uint8_t *bufs[16]; const uint8_t *bufs[16] = {0};
int lengths[16]; int lengths[16];
int span; int span;
int entries; int entries;