Closed
Bug 767380
Opened 12 years ago
Closed 12 years ago
WebRTC signaling has fixed-size SDP buffers that need to be dynamic
Categories
(Core :: WebRTC: Signaling, defect)
Core
WebRTC: Signaling
Tracking
()
RESOLVED
DUPLICATE
of bug 798873
People
(Reporter: jesup, Assigned: ehugg)
References
Details
(Whiteboard: [WebRTC], [blocking-webrtc+])
There are multiple instances of fixed-size SDP buffers in SIPCC (media/webrtc/signaling) that need to be dynamically sized. If we can't count on infallible malloc (these SDPs are provided by JS code and could be any size), then we'll want to put a 'silly' maximum like 128K or some such in place. (I suspect we can rely on infallible malloc - need to check.)
Leaks are possible as these weren't allocated/freed before, so lifetimes of these objects should be checked, and it might be good to include some type of debug-build "live buffer" lists to catch attempts to use-after-free and to help pinpoint leaks.
|
||
Comment 1•12 years ago
|
||
Adding some information:
Internally in SIPCC the SDP buffer size is set to 2048
#define CCSIP_SDP_BUF_SIZE 2048
buf = (char *) cpr_malloc(CCSIP_SDP_BUF_SIZE);
later on
cpr_free(part->body);
|
Reporter | |
Comment 2•12 years ago
|
||
$ chfind SDP_SIZE
./src/sipcc/core/includes/ccapi.h:#define SDP_SIZE 1024 // must increase this
./src/sipcc/core/includes/ccapi.h: char offerSDP[SDP_SIZE];
./src/sipcc/core/includes/ccapi.h: char answerSDP[SDP_SIZE];
./src/sipcc/core/includes/ccapi.h: char remoteOfferSDP[SDP_SIZE];
./src/sipcc/core/includes/ccapi.h: char sdp[SDP_SIZE];
$ chfind SDP_MAX_LEN
./src/sipcc/core/sdp/sdp.h:#define SDP_MAX_LEN 1024
(no uses of this it appears)
$ hfind SDP_MAX_
./src/sipcc/core/sdp/sdp_private.h:#define SDP_MAX_STRING_LEN 80 /* Max len for SDP string
./src/sipcc/core/sdp/sdp_private.h:#define SDP_MAX_LINE_LEN 80 /* Max len for SDP Line */
(lots of hits removed)
(many, many uses deleted - these all need to be length-checked if used in parsing, or if used in generation if any of the inputs are controllable)
Just some quick greps of the code...
|
||
Updated•12 years ago
|
QA Contact: jsmith
|
|
||
Updated•12 years ago
|
Whiteboard: [WebRTC], [blocking-webrtc+]
|
|
||
Updated•12 years ago
|
Assignee: emannion → ethanhugg
|
Assignee | |
Comment 3•12 years ago
|
||
Dynamically allocated buffers form SDP was pushed as part of Bug 798873
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•