Erroneus RTCP SDES CNAME
Posted: 10 Feb 2009 11:32
I receive RTCP reports using ccRTP library from VLC 0.9.6. Every now and then my app crashes due to erroneus SDES CNAME field, or at least that is what GDB backtrace suggests. The essential lines of the backtrace follow:
Above suggests that the CNAME length is indicated 9 in the length field of the CNAME part of SDES packet. However, the whole string "127.0.0.1\006\tvlc 0.9.6"
length is 20 characters, and this causes memory corruption at some point, I guess.
One issue related to this has been addressed in TRAC ticket #1541, but this ticket handles the whole SDES chunk, not the CNAME field especially.
Code: Select all
#9 0x0819940b in ost::QueueRTCPManager::setSDESItem (this=0x86f6d38, part=0x8730730, type=ost::SDESItemTypeCNAME,
value=0x86f81f6 "127.0.0.1\006\tvlc 0.9.6", len=9) at ./ccrtp/sources.h:174
#10 0x0819a721 in ost::QueueRTCPManager::onGotSDESChunk (this=0x86f6d38, source=@0x872ff60, chunk=@0x86f81f0, len=32) at control.cpp:674
Above suggests that the CNAME length is indicated 9 in the length field of the CNAME part of SDES packet. However, the whole string "127.0.0.1\006\tvlc 0.9.6"
length is 20 characters, and this causes memory corruption at some point, I guess.
One issue related to this has been addressed in TRAC ticket #1541, but this ticket handles the whole SDES chunk, not the CNAME field especially.