git.ipfire.org Git - thirdparty/asterisk.git/commit

author	zhengsh <zhengsh@ti-net.com.cn>
	Fri, 30 Jun 2023 10:39:20 +0000 (18:39 +0800)
committer	Asterisk Development Team <asteriskteam@digium.com>
	Wed, 6 Sep 2023 16:46:45 +0000 (16:46 +0000)
commit	d6718db02043738730fe0b08a838dc0f6223e936
tree	8753d6ff20171abff346c120fcd03775a4be7aff	tree
parent	2b79fa000070bd0ed3180b233fd9b6f6c8111ff2	commit \| diff

res_rtp_asterisk: Move ast_rtp_rtcp_report_alloc using `rtp->themssrc_valid` into the scope of the rtp_instance lock.

From the gdb information, it was found that when calling __ast_free, the size of the
allocated space pointed to by the pointer matches the size created when rtp->themssrc_valid
is equal to 0. However, in reality, when reading the value of rtp->themssrc_valid in gdb,
it is found to be 1.

Within ast_rtcp_write(), the call to ast_rtp_rtcp_report_alloc() uses rtp->themssrc_valid,
which is outside the protection of the rtp_instance lock. However,
ast_rtcp_generate_report(), which is called by ast_rtcp_generate_compound_prefix(), uses
rtp->themssrc_valid within the protection of the rtp_instance lock.

This can lead to the possibility that the value of rtp->themssrc_valid used in the call to
ast_rtp_rtcp_report_alloc() may be different from the value of rtp->themssrc_valid used
within ast_rtcp_generate_report().

Resolves: asterisk#63
(cherry picked from commit fe478ddc1455df8b5534186e544aed48127624c6)