<h4>Type Of Change</h4>
<ul class="contains-task-list">
<li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox"> Small bug fix (non-breaking change which fixes an issue)</li>
<li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox"> New feature (non-breaking change which adds new functionality)</li>
<li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox"> Breaking change (fix or feature that would change existing functionality)</li>
</ul>
<h4>Checklist:</h4>
<ul class="contains-task-list">
<li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox"> PR should be backported to stable branches</li>
<li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox"> Tested changes locally</li>
<li>[ ] Related to issue #XXXX (replace XXXX with an open issue number)</li>
</ul>
<h4>Description</h4>
<p>This was an odd one. I can't see how <code>read_sdp_pv</code> ever worked. When the old SDP is deleted with <code>del_lump</code> from the SIP <code>msg</code>, the lump pointer is calculated assuming that <code>body</code> is a pointer relative to <code>msg</code>. When <code>read_sdp_pv</code> is set, <code>body</code> pointer is set to something entirely different and doing pointer maths relative to <code>msg</code> causes integer overflows and results in a segfault on <code>del_lump</code>.</p>
<p>This change explicitly gets the body pointer (<code>cur_body</code>) relative to <code>msg</code> before trying to <code>del_lump</code>. If it's preferable, I can have it only do this if <code>read_sdp_pv</code> is set but I figured it's not a heavy operation and it's safer to always do it.</p>
<hr>
<h4>You can view, comment on, or merge this pull request online at:</h4>
<p> <a href='https://github.com/kamailio/kamailio/pull/1326'>https://github.com/kamailio/kamailio/pull/1326</a></p>
<h4>Commit Summary</h4>
<ul>
<li>rtpengine: fixed segfault when using read_sdp_pv</li>
</ul>
<h4>File Changes</h4>
<ul>
<li>
<strong>M</strong>
<a href="https://github.com/kamailio/kamailio/pull/1326/files#diff-0">src/modules/rtpengine/rtpengine.c</a>
(8)
</li>
</ul>
<h4>Patch Links:</h4>
<ul>
<li><a href='https://github.com/kamailio/kamailio/pull/1326.patch'>https://github.com/kamailio/kamailio/pull/1326.patch</a></li>
<li><a href='https://github.com/kamailio/kamailio/pull/1326.diff'>https://github.com/kamailio/kamailio/pull/1326.diff</a></li>
</ul>
<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/kamailio/kamailio/pull/1326">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AF36Zd8xAknw664Y8oxW21l5xlQyp-nKks5s5U1dgaJpZM4Qojva">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AF36ZYNF09nqdluPnr2n-JhJ2vmIP4chks5s5U1dgaJpZM4Qojva.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
<link itemprop="url" href="https://github.com/kamailio/kamailio/pull/1326"></link>
<meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>
<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/kamailio/kamailio","title":"kamailio/kamailio","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/kamailio/kamailio"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"rtpengine: fixed segfault when using read_sdp_pv (#1326)"}],"action":{"name":"View Pull Request","url":"https://github.com/kamailio/kamailio/pull/1326"}}}</script>