#### Type Of Change
- [X] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [X] PR should be backported to stable branches
- [X] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)

#### Description
This was an odd one. I can't see how `read_sdp_pv` ever worked. When the old SDP is deleted with `del_lump` from the SIP `msg`, the lump pointer is calculated assuming that `body` is a pointer relative to `msg`. When `read_sdp_pv` is set, the `body` pointer is set to something entirely different and doing pointer maths relative to `msg` causes integer overflows and results in a segfault on `del_lump`.

This change explicitly gets the body pointer (`cur_body`) relative to `msg` before trying to `del_lump`. If it's preferable, I can have it only do this if `read_sdp_pv` is set, but I figured it's not a heavy operation and it's safer to always do it.

You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/1326
-- Commit Summary --
* rtpengine: fixed segfault when using read_sdp_pv
-- File Changes --
M src/modules/rtpengine/rtpengine.c (8)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/1326.patch
https://github.com/kamailio/kamailio/pull/1326.diff
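
The failure mode described above can be modelled in a few lines. This is an added example, not code from the pull request or from Kamailio: `struct demo_msg`, `span_offset` and `body_in_msg` are hypothetical names, and the message and SDP strings are constructed sample data. It shows an offset being accepted only when the span really lies inside the message buffer, and the body being re-derived from the message itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a SIP message: only the raw buffer matters. */
struct demo_msg { const char *buf; size_t len; };

/* Constructed sample data: a tiny message, and an SDP copy stored elsewhere
 * (as a pseudo-variable value would be). */
static const char demo_raw[] =
    "INVITE sip:a@example.test SIP/2.0\r\n\r\nv=0\r\ns=-\r\n";
static const char demo_pv_sdp[] = "v=0\r\ns=from-pv\r\n";

/* Offset of [p, p+n) inside msg->buf, or -1 when the span is not entirely
 * within the message buffer. Addresses are compared as integers because
 * relational comparison of pointers into different objects is undefined. */
long span_offset(const struct demo_msg *msg, const char *p, size_t n)
{
    uintptr_t base = (uintptr_t)msg->buf, ptr = (uintptr_t)p;

    if (ptr < base || ptr - base > msg->len)
        return -1;                      /* starts outside the buffer */
    if (n > msg->len - (ptr - base))
        return -1;                      /* runs past the end */
    return (long)(ptr - base);
}

/* Body as it exists in the message itself: text after the blank line. */
const char *body_in_msg(const struct demo_msg *msg)
{
    const char *sep = strstr(msg->buf, "\r\n\r\n");
    return sep ? sep + 4 : NULL;
}

int main(void)
{
    struct demo_msg m = { demo_raw, sizeof(demo_raw) - 1 };
    const char *cur = body_in_msg(&m);

    printf("body from msg: offset %ld\n", span_offset(&m, cur, strlen(cur)));
    printf("body from pv:  offset %ld\n",
           span_offset(&m, demo_pv_sdp, strlen(demo_pv_sdp)));
    return 0;
}
```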