WebRTC signaling has fixed-size SDP buffers that need to be dynamic

RESOLVED DUPLICATE of bug 798873

Status

()

RESOLVED DUPLICATE of bug 798873
6 years ago
6 years ago

People

(Reporter: jesup, Assigned: ehugg)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [WebRTC], [blocking-webrtc+])

(Reporter)

Description

6 years ago
There are multiple instances of fixed-size SDP buffers in SIPCC (media/webrtc/signaling) that need to be dynamically sized.  If we can't count on infallible malloc (these SDPs are provided by JS code and could be any size), then we'll want to put a 'silly' maximum like 128K or some such in place.  (I suspect we can rely on infallible malloc - need to check.)

Leaks are possible as these weren't allocated/freed before, so lifetimes of these objects should be checked, and it might be good to include some type of debug-build "live buffer" lists to catch attempts to use-after-free and to help pinpoint leaks.
Adding some information:

Internally in SIPCC the SDP buffer size is set to 2048

#define CCSIP_SDP_BUF_SIZE      2048

buf = (char *) cpr_malloc(CCSIP_SDP_BUF_SIZE);

later on 

cpr_free(part->body);
(Reporter)

Comment 2

6 years ago
$ chfind SDP_SIZE
./src/sipcc/core/includes/ccapi.h:#define  SDP_SIZE			1024   // must increase this
./src/sipcc/core/includes/ccapi.h:	char			offerSDP[SDP_SIZE];
./src/sipcc/core/includes/ccapi.h:	char			answerSDP[SDP_SIZE];
./src/sipcc/core/includes/ccapi.h:	char			remoteOfferSDP[SDP_SIZE];
./src/sipcc/core/includes/ccapi.h:    char              sdp[SDP_SIZE];

$ chfind SDP_MAX_LEN
./src/sipcc/core/sdp/sdp.h:#define SDP_MAX_LEN                1024

(no uses of this it appears)

$ hfind SDP_MAX_
./src/sipcc/core/sdp/sdp_private.h:#define SDP_MAX_STRING_LEN      80  /* Max len for SDP string    
./src/sipcc/core/sdp/sdp_private.h:#define SDP_MAX_LINE_LEN   80 /* Max len for SDP Line */
(lots of hits removed)

(many, many uses deleted - these all need to be length-checked if used in parsing, or if used in generation if any of the inputs are controllable)

Just some quick greps of the code...

Updated

6 years ago
QA Contact: jsmith

Updated

6 years ago
Whiteboard: [WebRTC], [blocking-webrtc+]
Assignee: emannion → ethanhugg
(Assignee)

Comment 3

6 years ago
Dynamically allocated buffers form SDP was pushed as part of Bug 798873
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 798873
You need to log in before you can comment on or make changes to this bug.