Commit ec3783f7 authored by Philip Withnall's avatar Philip Withnall

agent: Check STUN buffer is non-NULL before getting its message ID

This should fix a crash, as detected by Valgrind:
  ==28354== Invalid read of size 2
  ==28354==    at 0x4C2B5B0: memcpy@@GLIBC_2.14 (in
    /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==28354==    by 0x50C17E2: stun_message_id (stunmessage.c:658)
  ==28354==    by 0x509E4E7: candidate_check_pair_fail (conncheck.c:254)
  ==28354==    by 0x50A4EDB: conn_check_prune_socket (conncheck.c:3145)
  ==28354==    by 0x509B6F8: component_io_cb (agent.c:3951)
parent a8ec764a
......@@ -252,8 +252,10 @@ candidate_check_pair_fail (Stream *stream, NiceAgent *agent, CandidateCheckPair
p->state = NICE_CHECK_FAILED;
nice_debug ("Agent %p : pair %p state FAILED", agent, p);
stun_message_id (&p->stun_message, id);
stun_agent_forget_transaction (&component->stun_agent, id);
if (p->stun_message.buffer != NULL) {
stun_message_id (&p->stun_message, id);
stun_agent_forget_transaction (&component->stun_agent, id);
}
p->stun_message.buffer = NULL;
p->stun_message.buffer_len = 0;
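Review bot: The new guard `if (p->stun_message.buffer != NULL)` in candidate_check_pair_fail tests only the pointer, so a non-NULL buffer whose `buffer_len` is shorter than a STUN header would still reach the memcpy that the Valgrind trace shows inside stun_message_id. Both fields are reset together just below, so checking both is cheap: `if (p->stun_message.buffer != NULL && p->stun_message.buffer_len >= STUN_MESSAGE_HEADER_LENGTH) {`. stun_message_id's body is not visible here, so confirm whether it validates the length itself; if it does not, the check arguably belongs there so that other callers are covered too. A short comment such as `/* buffer is NULL if no check was sent or the pair already failed */` would record why the guard exists, with the wording adjusted to the actual cause. The function starts and ends outside the hunk.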