[Protocol-dev] Re: [Nokia-private-dev] CR: ou1cimx1#503969: Security: MMFControllerProxyServer-25a KERN-EXEC 3" is detected when running RTSP test cases 1336 and 1350.
Jamie Gordon jgordon at real.comlooks good On 8/12/2010 6:31 AM, ext-debashis.2.panigrahi at nokia.com wrote: > <The issue resolution was not complete earlier as portion of the correction was missing. Hence re-sending the correct and complete solution.> > > "Nokia submits this code under the terms of a commercial contribution agreement with RealNetworks, and I am authorized to contribute this code under said agreement." > > Modified by: ext-debashis.2.panigrahi at nokia.com > > Reviewed by: girish.shetty at nokia.com > > RC Id: ou1cimx1#503969 > > Date: 08/12/2010 > > Project: SymbianMmf_wm > > Synopsis: Security: MMFControllerProxyServer-25a KERN-EXEC 3" is detected when running RTSP test cases 1336 and 1350. > > Overview: > The crash is due to invalid pointer access as URL info that is present in the response string is invalid. This causes the crash inside ReadRTPInfoEntry() as ulLength becomes zero (rtptime value is not present). > > Fix: > Now going for further processing of the url only if it is valid /exists. Additionally also checking for pSeq and pRTPTime, as we might get another crash if both of the values are NULL. Also checking if ulLength is greater than zero, then only going for further processing of URL. > > Files modified & changes: > protocol/rtsp/rtsppars.cpp > > Image Size and Heap Use impact: No major impact > > Module Release testing (STIF) : Passed > > Test case(s) Added : No > > Memory leak check performed : Passed, No additional leaks introduced. > > Platforms and Profiles Build Verified: helix-client-s60-52-mmf-mdf-dsp > > Platforms and Profiles Functionality verified: armv5, winscw > > Branch: 210CayS, 420Bizo and HEAD > > CVS Diff on 210CayS: > Index: rtsppars.cpp > =================================================================== > RCS file: /cvsroot/protocol/rtsp/rtsppars.cpp,v > retrieving revision 1.14.2.2 > diff -u -w -r1.14.2.2 rtsppars.cpp > --- rtsppars.cpp 6 Aug 2010 11:03:40 -0000 1.14.2.2 > +++ rtsppars.cpp 11 Aug 2010 11:56:00 -0000 > @@ -357,6 +357,9 @@ > temp.TrimRight(); > > ulLength = temp.GetLength(); > + // If ulLength > 0 data is present > + if (ulLength > 0) > + { > // remove trailing ',' or ';' in case there is any > if (temp[ulLength-1] == ',' || temp[ulLength-1] == ';') > { > @@ -367,7 +370,7 @@ > { > out = temp; > } > - > + } > return 0; > } > > @@ -385,7 +388,7 @@ > lURL = in.Find("url="); > HX_ASSERT(lURL == 0); > > - if (lURL && (pSeq || pRTPTime)) > + if (lURL == 0 && (pSeq || pRTPTime)) > { > if (pSeq) > { > > _______________________________________________ > Nokia-private-dev mailing list > Nokia-private-dev at helixcommunity.org > http://lists.helixcommunity.org/mailman/listinfo/nokia-private-dev