sdp_data_t->unitSize for strings in the SDP record is `sizeof(uint8_t) + strlen(str)`. The "length" argument of sdp_data_alloc_with_length() is expected to be only the length of the string (so `sdp_data_t->unitSize - sizeof(uint8_t)`). Since the last commit, in sdp_copy_seq() we're allocating one byte too much for strings now, because the `sizeof(uint8_t)` is not subtracted from unitSize there. Fix this by making use of the length returned by sdp_data_value() and pass that on to sdp_data_alloc_with_length(). Co-developed-by: Zander Brown <zbrown@xxxxxxxxx> --- lib/sdp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/sdp.c b/lib/sdp.c index 006ab057a..4b10d8f67 100644 --- a/lib/sdp.c +++ b/lib/sdp.c @@ -1527,10 +1527,10 @@ static sdp_data_t *sdp_copy_seq(sdp_data_t *data) for (tmp = data; tmp; tmp = tmp->next) { sdp_data_t *datatmp; void *value; + uint32_t len = 0; - value = sdp_data_value(tmp, NULL); - datatmp = sdp_data_alloc_with_length(tmp->dtd, value, - tmp->unitSize); + value = sdp_data_value(tmp, &len); + datatmp = sdp_data_alloc_with_length(tmp->dtd, value, len); if (cur) cur->next = datatmp; -- 2.41.0
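Review bot: In the sdp_copy_seq() loop, `len` is initialised to 0 and then passed to sdp_data_alloc_with_length() for every element, whatever its dtd, while the commit message only argues that the length from sdp_data_value() is right for strings. If sdp_data_value() leaves `len` untouched for some dtd, that element is now copied with length 0 where it previously got `tmp->unitSize`. Please confirm, and say in the commit message, that sdp_data_value() sets the length for every dtd where sdp_data_alloc_with_length() uses it; otherwise fall back to the old value for those types. `value` is also still passed on without a NULL check, so a short comment on what sdp_data_value() returns for types it does not handle would help. A unit test that copies a sequence containing a text string and checks the copy's unitSize against the original would keep this off-by-one from coming back.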