From 670b0bbc99b21bac25f2fc50438324bb6fd8fd7b Mon Sep 17 00:00:00 2001 From: Hassan Sahibzada Date: Tue, 8 Feb 2022 08:57:01 -0500 Subject: [PATCH 1/3] new Chrome v98 produces extra sdp attributes, up the limit so we do not reject --- src/source/Sdp/Sdp.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/source/Sdp/Sdp.h b/src/source/Sdp/Sdp.h index af1cae5e14..c841b38445 100644 --- a/src/source/Sdp/Sdp.h +++ b/src/source/Sdp/Sdp.h @@ -75,7 +75,7 @@ extern "C" { #define MAX_SDP_SESSION_MEDIA_COUNT 5 #define MAX_SDP_MEDIA_BANDWIDTH_COUNT 2 -#define MAX_SDP_ATTRIBUTES_COUNT 128 +#define MAX_SDP_ATTRIBUTES_COUNT 256 /* * c= From 71131f498fd09a1f7d7586e46f937e5415b03de9 Mon Sep 17 00:00:00 2001 From: Divya Sampath Kumar Date: Tue, 8 Feb 2022 09:44:18 -0800 Subject: [PATCH 2/3] Fix test and change count to unit16 to avoid overflow issues --- src/source/Sdp/Deserialize.c | 3 +-- src/source/Sdp/Sdp.h | 4 ++-- tst/SdpApiTest.cpp | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/source/Sdp/Deserialize.c b/src/source/Sdp/Deserialize.c index 9a2f12d2e4..c67d684140 100644 --- a/src/source/Sdp/Deserialize.c +++ b/src/source/Sdp/Deserialize.c @@ -5,7 +5,6 @@ STATUS parseMediaName(PSessionDescription pSessionDescription, PCHAR pch, UINT32 { ENTERS(); STATUS retStatus = STATUS_SUCCESS; - CHK(pSessionDescription->mediaCount < MAX_SDP_SESSION_MEDIA_COUNT, STATUS_BUFFER_TOO_SMALL); STRNCPY(pSessionDescription->mediaDescriptions[pSessionDescription->mediaCount].mediaName, (pch + SDP_ATTRIBUTE_LENGTH), @@ -48,7 +47,7 @@ STATUS parseMediaAttributes(PSessionDescription pSessionDescription, PCHAR pch, ENTERS(); STATUS retStatus = STATUS_SUCCESS; PCHAR search; - UINT8 currentMediaAttributesCount; + UINT16 currentMediaAttributesCount; currentMediaAttributesCount = pSessionDescription->mediaDescriptions[pSessionDescription->mediaCount - 1].mediaAttributesCount; diff --git a/src/source/Sdp/Sdp.h b/src/source/Sdp/Sdp.h index c841b38445..c156e80357 100644 --- a/src/source/Sdp/Sdp.h +++ b/src/source/Sdp/Sdp.h @@ -198,9 +198,9 @@ typedef struct { SdpMediaDescription mediaDescriptions[MAX_SDP_SESSION_MEDIA_COUNT]; - UINT8 sessionAttributesCount; + UINT16 sessionAttributesCount; - UINT8 mediaCount; + UINT16 mediaCount; UINT8 timezoneCount; diff --git a/tst/SdpApiTest.cpp b/tst/SdpApiTest.cpp index 10e4ab28e3..ee429d893e 100644 --- a/tst/SdpApiTest.cpp +++ b/tst/SdpApiTest.cpp @@ -232,7 +232,7 @@ s=- t=0 0 )"; - for (auto i = 0; i < 250; i++) { + for (auto i = 0; i <= MAX_SDP_ATTRIBUTES_COUNT + 1; i++) { sessionDescriptionNoMedia += "a=b\n"; } From 3d02fbc317fdb40d909e608925b6596436f38cdf Mon Sep 17 00:00:00 2001 From: Divya Sampath Kumar Date: Tue, 8 Feb 2022 09:57:46 -0800 Subject: [PATCH 3/3] fix issue reported by codeql --- src/source/PeerConnection/SessionDescription.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/source/PeerConnection/SessionDescription.c b/src/source/PeerConnection/SessionDescription.c index 14d207b28b..bd9f50ec4e 100644 --- a/src/source/PeerConnection/SessionDescription.c +++ b/src/source/PeerConnection/SessionDescription.c @@ -151,7 +151,8 @@ STATUS setPayloadTypesFromOffer(PHashTable codecTable, PHashTable rtxTable, PSes ENTERS(); STATUS retStatus = STATUS_SUCCESS; PSdpMediaDescription pMediaDescription = NULL; - UINT8 currentMedia, currentAttribute; + UINT8 currentAttribute; + UINT16 currentMedia; PCHAR attributeValue, end; UINT64 parsedPayloadType, hashmapPayloadType, fmtpVal, aptVal; UINT16 aptFmtpVals[MAX_SDP_FMTP_VALUES];