From: Matthew Jordan <mjordan@digium.com>
Date: Thu, 21 Nov 2013 17:53:39 +0000 (+0000)
Subject: res_pjsip_sdp_rtp: Fix use of uninitialized value in PJSIP
X-Git-Tag: 13.0.0-beta1~826
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3575e338e986e112e092309ae2b585b988aa6d0;p=thirdparty%2Fasterisk.git

res_pjsip_sdp_rtp: Fix use of uninitialized value in PJSIP

In PJMEDIA, pjmedia_sdp_rtpmap_to_attr will attempt to use the string
rtpmap.param regardless of its length value. Simply setting the length to 0
does not prevent the garbage on the stack in rtpmap.param.ptr from being
formatted in a sprintf call. This patch initializes the string to NULL so that
at the very least, something is provided to the function that is predictable.
........

Merged revisions 402941 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@402943 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index a2dda373fb..96aad281b8 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -274,6 +274,7 @@ static pjmedia_sdp_attr* generate_rtpmap_attr(pjmedia_sdp_media *media, pj_pool_
 	rtpmap.clock_rate = ast_rtp_lookup_sample_rate2(asterisk_format, format, code);
 	pj_strdup2(pool, &rtpmap.enc_name, ast_rtp_lookup_mime_subtype2(asterisk_format, format, code, 0));
 	rtpmap.param.slen = 0;
+	rtpmap.param.ptr = NULL;
 
 	pjmedia_sdp_rtpmap_to_attr(pool, &rtpmap, &attr);