res_pjsip_sdp_rtp: Fix use of uninitialized value in PJSIP
authorMatthew Jordan <mjordan@digium.com>
Thu, 21 Nov 2013 17:53:39 +0000 (17:53 +0000)
committerMatthew Jordan <mjordan@digium.com>
Thu, 21 Nov 2013 17:53:39 +0000 (17:53 +0000)
In PJMEDIA, pjmedia_sdp_rtpmap_to_attr will attempt to use the string
rtpmap.param regardless of its length value. Simply setting the length to 0
does not prevent the garbage on the stack in rtpmap.param.ptr from being
formatted in a sprintf call. This patch initializes the string to NULL so that
at the very least, something is provided to the function that is predictable.
........

Merged revisions 402941 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@402943 65c4cc65-6c06-0410-ace0-fbb531ad65f3

res/res_pjsip_sdp_rtp.c

index a2dda37..96aad28 100644 (file)
@@ -274,6 +274,7 @@ static pjmedia_sdp_attr* generate_rtpmap_attr(pjmedia_sdp_media *media, pj_pool_
        rtpmap.clock_rate = ast_rtp_lookup_sample_rate2(asterisk_format, format, code);
        pj_strdup2(pool, &rtpmap.enc_name, ast_rtp_lookup_mime_subtype2(asterisk_format, format, code, 0));
        rtpmap.param.slen = 0;
+       rtpmap.param.ptr = NULL;
 
        pjmedia_sdp_rtpmap_to_attr(pool, &rtpmap, &attr);