1082544 - Generated owner version in SDP bigger than max_value_version

Status: RESOLVED DUPLICATE of bug 861895

(Core :: WebRTC, defect)

Description

[Roland Andriese]

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36

Steps to reproduce:

Attempted to setup a WebRTC call from Firefox to Firefox


Actual results:

Some, if not most, of the calls fail with error 'Invalid owner version specified for o=.'


Expected results:

The initially generated owner version should not overflow the maximum value of (2^62)-1, as specified in RFC 3264: 

The numeric value of the session id
   and version in the o line MUST be representable with a 64 bit signed
   integer.  The initial value of the version MUST be less than
   (2**62)-1, to avoid rollovers.

When the owner version is parsed in sdp_parser_owner, the value actually gets checked for not overflowing the maximum value of 4611686018427387902. When generating the owner version, there is no limit on how big the unsigned int 64 can actually be, which causes the failure in call-setup.

The behaviour has been checked by replacing line 140 in sdp_token.c:
    result = sdp_verify_unsigned(sdp_p->owner_version, max_value_version);
with:
    result = SDP_SUCCESS;

The bug seems somewhat similar to #861895, and has been introduced since commit 128199.

Comment 1

[Byron Campen [:bwc]]

So, for sure that check should be 2^63 - 1, since the 2^62 - 1 limit from RFC 3264 only applies to the _initial_ version, not subsequent ones. This parse code applies to all SDP. However, my suspicion is that we have some other bug in the generation here, because this kind of failure is not something we've ever observed. Can we get some more detail here? Which webrtc service was being used?