Module: kamailio Branch: 5.0 Commit: bae644494e3ad1a1384def016a9343c073cfe1a6 URL: https://github.com/kamailio/kamailio/commit/bae644494e3ad1a1384def016a9343c0...
Author: Phil Lavin phil.lavin@cloudcall.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2017-11-23T12:55:00+01:00
rtpengine: fixed segfault when using read_sdp_pv
- Obtain body pointer fresh from the SIP message as when using read_sdp_pv the body pointer is overwritten
---
Modified: src/modules/rtpengine/rtpengine.c
---
Diff: https://github.com/kamailio/kamailio/commit/bae644494e3ad1a1384def016a9343c0... Patch: https://github.com/kamailio/kamailio/commit/bae644494e3ad1a1384def016a9343c0...
---
diff --git a/src/modules/rtpengine/rtpengine.c b/src/modules/rtpengine/rtpengine.c index 82717f8e59..ee3b5f1671 100644 --- a/src/modules/rtpengine/rtpengine.c +++ b/src/modules/rtpengine/rtpengine.c @@ -2853,6 +2853,7 @@ rtpengine_offer_answer(struct sip_msg *msg, const char *flags, int op, int more) str body, newbody; struct lump *anchor; pv_value_t pv_val; + str cur_body = {0, 0};
dict = rtpp_function_call_ok(&bencbuf, msg, op, flags, &body); if (!dict) @@ -2882,7 +2883,12 @@ rtpengine_offer_answer(struct sip_msg *msg, const char *flags, int op, int more) pkg_free(newbody.s);
} else { - anchor = del_lump(msg, body.s - msg->buf, body.len, 0); + /* get the body from the message as body ptr may have changed */ + cur_body.len = 0; + cur_body.s = get_body(msg); + cur_body.len = msg->buf + msg->len - cur_body.s; + + anchor = del_lump(msg, cur_body.s - msg->buf, cur_body.len, 0); if (!anchor) { LM_ERR("del_lump failed\n"); goto error_free;
-
Daniel-Constantin Mierla