Closed Bug 767380 Opened 11 years ago Closed 11 years ago

WebRTC signaling has fixed-size SDP buffers that need to be dynamic

Categories

(Core :: WebRTC: Signaling, defect)

Product:
Core
Component:
WebRTC: Signaling
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 798873

People

(Reporter: jesup, Assigned: ehugg)

References

Details

(Whiteboard: [WebRTC], [blocking-webrtc+]) 

There are multiple instances of fixed-size SDP buffers in SIPCC (media/webrtc/signaling) that need to be dynamically sized.  If we can't count on infallible malloc (these SDPs are provided by JS code and could be any size), then we'll want to put a 'silly' maximum like 128K or some such in place.  (I suspect we can rely on infallible malloc - need to check.)

Leaks are possible as these weren't allocated/freed before, so lifetimes of these objects should be checked, and it might be good to include some type of debug-build "live buffer" lists to catch attempts to use-after-free and to help pinpoint leaks.
Adding some information:

Internally in SIPCC the SDP buffer size is set to 2048

#define CCSIP_SDP_BUF_SIZE      2048

buf = (char *) cpr_malloc(CCSIP_SDP_BUF_SIZE);

later on 

cpr_free(part->body);
$ chfind SDP_SIZE
./src/sipcc/core/includes/ccapi.h:#define  SDP_SIZE			1024   // must increase this
./src/sipcc/core/includes/ccapi.h:	char			offerSDP[SDP_SIZE];
./src/sipcc/core/includes/ccapi.h:	char			answerSDP[SDP_SIZE];
./src/sipcc/core/includes/ccapi.h:	char			remoteOfferSDP[SDP_SIZE];
./src/sipcc/core/includes/ccapi.h:    char              sdp[SDP_SIZE];

$ chfind SDP_MAX_LEN
./src/sipcc/core/sdp/sdp.h:#define SDP_MAX_LEN                1024

(no uses of this it appears)

$ hfind SDP_MAX_
./src/sipcc/core/sdp/sdp_private.h:#define SDP_MAX_STRING_LEN      80  /* Max len for SDP string    
./src/sipcc/core/sdp/sdp_private.h:#define SDP_MAX_LINE_LEN   80 /* Max len for SDP Line */
(lots of hits removed)

(many, many uses deleted - these all need to be length-checked if used in parsing, or if used in generation if any of the inputs are controllable)

Just some quick greps of the code...
QA Contact: jsmith
Whiteboard: [WebRTC], [blocking-webrtc+]
Assignee: emannion → ethanhugg
Dynamically allocated buffers form SDP was pushed as part of Bug 798873
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.