Custom Session Negotiation

Hi!!

On Wed, 2013-01-16 at 12:31 +0000, McLeod, Tim wrote:
[...]
> I think we are moving forward, but my engineer is now experiencing problems whereby it seems that the message is becoming corrupted before the outgoing message can be transmitted.  The following is my engineer's description of the problem:
> 
> Using "transport_adapter_sample.c" as an example, I am trying to add an attribute to the outgoing SDP message.
> 
> I have modified the example code as follows:
> 
>        /* You may do anything to the local_sdp, e.g. adding new attributes, or
>        * even modifying the SDP if you want.
>        */
>        if (1)
>        {
>               /* Say we add a proprietary attribute here.. */
>               pjmedia_sdp_attr *mikey_attr;
> 
>               mikey_attr = PJ_POOL_ALLOC_T(sdp_pool, pjmedia_sdp_attr);
> 
>               pj_strdup2(sdp_pool, &mikey_attr->name, "key-mgmt");
>               pj_strdup2(sdp_pool, &mikey_attr->value, "mikey ");
> 
>               Create_DH_HMAC_SDP_Attribute(sdp_pool, local_sdp, mikey_attr);
> 
>               pjmedia_sdp_attr_add(&local_sdp->attr_count, local_sdp->attr, mikey_attr);
>        }
> 
> Create_DH_HMAC_SDP_Attribute creates a base64 encoded attribute and appends it to "mikey_attr->value".
> 
> using
> pj_strcat2(&mikey_attr->value, base64_buffer);
> 
> This appears to work okay, and the attribute is added to the local_sdp, and results in an attribute pj_string something like
> 
>             "mikey AQcF/kkSBAA............."            About 157 bytes in length.
> 
> When I step through the routine pjsua_media_channel_create_sdp in pjsua_media.c a call is made to
> 
> sdp->conn = pjmedia_sdp_conn_clone(pool, m->conn);
> 
> which then overwrites my attribute, resulting in a corrupted message being sent.
> 
> Any thoughts/suggestions would be extremely welcome.

I didn't look into the source of strcat2() ATM but all pjlib string
functions do not care about the allocation (and so they cannot possibly
enlarge it - if it is actually possible at all).

So what happens is IMHO:
- you create the attribute correctly and successfully (at least at that
  moment)
- you append the base64 string (and it looks then correct) but the pool
  doesn't know that it should touch the space after
  mikey_attr->value.ptr+mikey_attr->value.slen (because you only
  pj_strdup2() "mikey " into and that reserves probably just 7 bytes
  or so).
- on the next allocation from that pool and the subsequent write into
  it, the base64 string is simply overwritten.

So better allocate enough space for "mikey " and the base64 string (and
not only around 7 bytes ....).

	Bernd
-- 
mobile: +43 664 4416156              http://www.sysprog.at/
    Linux Software Development, Consulting and Services
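
The overwrite Bernd describes, reproduced as an added example that is not pjlib code or code from either poster: a constructed bump-pool allocator and pj_str_t-like string model where the dup routine reserves exactly the source length (an assumption about pjlib behaviour; real pools also align allocations), so appending in place spills into whatever the pool hands out next, while reserving the final size first keeps the attribute intact.

```c
/* Added example: simplified model of pj_pool / pj_str_t behaviour, not pjlib itself. */
#include <string.h>
#include <stddef.h>

typedef struct { char *ptr; size_t slen; } str_t;       /* models pj_str_t (no NUL) */
typedef struct { char buf[256]; size_t used; } pool_t;   /* constructed bump pool    */

/* Bump allocation: no free, no growth, no knowledge of what was written before. */
static void *pool_alloc(pool_t *p, size_t n) {
    void *r = p->buf + p->used;
    p->used += n;
    return r;
}
/* Models pj_strdup2 (assumed): reserves exactly strlen(src) bytes, no slack. */
static void strdup2(pool_t *p, str_t *dst, const char *src) {
    dst->slen = strlen(src);
    dst->ptr = pool_alloc(p, dst->slen);
    memcpy(dst->ptr, src, dst->slen);
}
/* Models pj_strcat2 (assumed): appends in place, trusting the caller for capacity. */
static void strcat2(str_t *dst, const char *src) {
    memcpy(dst->ptr + dst->slen, src, strlen(src));
    dst->slen += strlen(src);
}
/* Pattern from the thread: dup "mikey ", append base64, then the pool is used again.
 * Returns 1 if the attribute value survives the next allocation, 0 if it was clobbered. */
int buggy_attr_intact(void) {
    pool_t pool = {{0}, 0}; str_t value; str_t conn;
    strdup2(&pool, &value, "mikey ");
    strcat2(&value, "AQcF/kkSBAA");             /* writes past the 6 reserved bytes   */
    strdup2(&pool, &conn, "IN IP4 10.0.0.1");   /* e.g. the cloned c= line lands here */
    return memcmp(value.ptr, "mikey AQcF/kkSBAA", value.slen) == 0;
}
/* Fix: reserve room for prefix + payload before any concatenation. */
int fixed_attr_intact(void) {
    pool_t pool = {{0}, 0}; str_t value; str_t conn;
    const char *prefix = "mikey ", *b64 = "AQcF/kkSBAA";
    value.ptr = pool_alloc(&pool, strlen(prefix) + strlen(b64));
    value.slen = 0;
    strcat2(&value, prefix);
    strcat2(&value, b64);
    strdup2(&pool, &conn, "IN IP4 10.0.0.1");   /* now allocated after the attribute */
    return memcmp(value.ptr, "mikey AQcF/kkSBAA", value.slen) == 0;
}
```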
