From fd6125c4dd4ff972d1609163cd36e2b38c845d75 Mon Sep 17 00:00:00 2001 From: sauwming Date: Tue, 14 Mar 2023 10:25:46 +0800 Subject: [PATCH 1/4] Fixed buffer overflow in h264 unpacketizer (#3434) --- pjmedia/src/pjmedia-codec/h264_packetizer.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pjmedia/src/pjmedia-codec/h264_packetizer.c b/pjmedia/src/pjmedia-codec/h264_packetizer.c index ba8353164..b701e339f 100644 --- a/pjmedia/src/pjmedia-codec/h264_packetizer.c +++ b/pjmedia/src/pjmedia-codec/h264_packetizer.c @@ -437,6 +437,9 @@ PJ_DEF(pj_status_t) pjmedia_h264_unpacketize(pjmedia_h264_packetizer *pktz, while (q < q_end && p < p_end) { pj_uint16_t tmp_nal_size; + if (p + pktz->cfg.unpack_nal_start > p_end) + return PJ_EINVAL; + /* Write NAL unit start code */ pj_memcpy(p, nal_start_code, pktz->cfg.unpack_nal_start); p += pktz->cfg.unpack_nal_start; @@ -444,7 +447,7 @@ PJ_DEF(pj_status_t) pjmedia_h264_unpacketize(pjmedia_h264_packetizer *pktz, /* Get NAL unit size */ tmp_nal_size = (*q << 8) | *(q+1); q += 2; - if (q + tmp_nal_size > q_end) { + if (p + tmp_nal_size > p_end || q + tmp_nal_size > q_end) { /* Invalid bitstream, discard the rest of the payload */ return PJ_EINVAL; } From 874ca0dfd631eb44785e519461379a027e335fd7 Mon Sep 17 00:00:00 2001 From: sauwming Date: Tue, 14 Mar 2023 10:59:00 +0800 Subject: [PATCH 2/4] Fixed pjsua app cli redirection answer (3xx) (#3437) --- pjsip-apps/src/pjsua/pjsua_app_cli.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pjsip-apps/src/pjsua/pjsua_app_cli.c b/pjsip-apps/src/pjsua/pjsua_app_cli.c index 059573722..e3d49e2bb 100644 --- a/pjsip-apps/src/pjsua/pjsua_app_cli.c +++ b/pjsip-apps/src/pjsua/pjsua_app_cli.c @@ -1599,7 +1599,6 @@ static pj_status_t cmd_answer_call(pj_cli_cmd_val *cval) } else { int st_code; - char contact[120]; pj_str_t hname = { "Contact", 7 }; pj_str_t hvalue; pjsip_generic_string_hdr hcontact; 
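Review bot: In the first h264_packetizer.c hunk (-437), the added guard `p + pktz->cfg.unpack_nal_start > p_end` builds the pointer before comparing it. In C, forming a pointer more than one element past the end of the output buffer is undefined behaviour, so the check is not guaranteed to hold for large offsets. Comparing the remaining space avoids this: `if (p_end - p < (pj_ssize_t)pktz->cfg.unpack_nal_start) return PJ_EINVAL;`, which is safe because the loop condition already gives `p < p_end`. The same pattern appears in the next hunk, where `p + tmp_nal_size > p_end || q + tmp_nal_size > q_end` could become the signed comparison `p_end - p < tmp_nal_size || q_end - q < tmp_nal_size`. pjmedia_h264_unpacketize starts and ends outside both hunks, so the buffer setup is inferred from the variable names.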
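Review bot: In the second h264_packetizer.c hunk (-444), the two-byte size read `tmp_nal_size = (*q << 8) | *(q+1);` is covered only by the loop condition `q < q_end` visible in the previous hunk. A payload whose last aggregation unit has a single byte left would therefore let `*(q+1)` read one byte past the input. A guard placed before the read, `if (q_end - q < 2) return PJ_EINVAL;`, closes that and also stops `q += 2` from stepping beyond `q_end` before the new length check runs. This is inferred from the visible lines only; the loop body continues outside the hunk.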
@@ -1618,7 +1617,7 @@ static pj_status_t cmd_answer_call(pj_cli_cmd_val *cval) return PJ_SUCCESS; } - hvalue = pj_str(contact); + hvalue = cval->argv[2]; pjsip_generic_string_hdr_init2(&hcontact, &hname, &hvalue); pj_list_push_back(&msg_data.hdr_list, &hcontact); From dfe315ac5fcf0ea049c18e61a847c6d7e7d7c2ce Mon Sep 17 00:00:00 2001 From: jimying Date: Tue, 14 Mar 2023 17:36:44 +0800 Subject: [PATCH 3/4] makefile: use $(MAKE) replace make (for BSD compatibility) (#3436) --- Makefile | 4 ++-- build/rules.mak | 2 +- self-test.mak | 12 ++++++------ 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index ec285aa2b..2d5c31c90 100644 --- a/Makefile +++ b/Makefile @@ -125,10 +125,10 @@ pjsua-test: cmp_wav cd tests/pjsua && python runall.py -t 2 cmp_wav: - cd tests/pjsua/tools && make + $(MAKE) -C tests/pjsua/tools fuzz: - cd tests/fuzz && make + $(MAKE) -C tests/fuzz install: mkdir -p $(DESTDIR)$(libdir)/ diff --git a/build/rules.mak b/build/rules.mak index eeb6996d8..a7735d08e 100644 --- a/build/rules.mak +++ b/build/rules.mak @@ -149,7 +149,7 @@ $(OBJDIR)/$(app).ko: $(OBJDIR)/$(app).o | $(OBJDIRS) @echo all: >> $(OBJDIR)/Makefile @echo -e "\tmake -C $(KERNEL_DIR) M=`pwd`/$(OBJDIR) modules $(KERNEL_ARCH)" >> $(OBJDIR)/Makefile @echo Invoking kbuild... - make -C $(OBJDIR) + $(MAKE) -C $(OBJDIR) ../lib/$(app).ko: $(LIB) $(OBJDIR)/$(app).ko cp $(OBJDIR)/$(app).ko ../lib diff --git a/self-test.mak b/self-test.mak index 7685f9eff..6ec22fdf8 100644 --- a/self-test.mak +++ b/self-test.mak @@ -23,17 +23,17 @@ CPP_DIR=pjlib pjlib-util pjnath pjmedia pjsip .PHONY: build_test distclean rm_build_mak build_mak everything pjlib_test pjlib_util_test pjnath_test pjsip_test cpp_prep cpp_test cpp_post pjsua_test distclean: - make distclean + $(MAKE) distclean rm_build_mak: rm -f build.mak build_mak: ./configure - make dep + $(MAKE) dep everything: - make + $(MAKE) pjlib_test: cd pjlib/bin && ./pjlib-test-`../../config.guess` 
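Review bot: In the pjsua_app_cli.c hunk (-1618), `hvalue = cval->argv[2];` passes the CLI argument straight into the Contact header, and nothing in the hunk checks its content before `pjsip_generic_string_hdr_init2`. A generic string header is presumably written out as given, so an empty value or one containing CR/LF would produce a malformed 3xx response. A check before the init call would reject it: `if (hvalue.slen == 0 || pj_strchr(&hvalue, '\r') || pj_strchr(&hvalue, '\n')) return PJ_SUCCESS;`. The `cval->argc` guard that makes `argv[2]` valid is not visible here, because cmd_answer_call starts and ends outside the hunk; a short comment such as `/* argc >= 3 was checked above */` next to the assignment would make that dependency explicit.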
@@ -49,14 +49,14 @@ pjsip_test: cpp_prep: for dir in $(CPP_DIR); do \ - make -C $$dir/build clean; \ + $(MAKE) -C $$dir/build clean; \ done cpp_test: - make -f c++-build.mak + $(MAKE) -f c++-build.mak cpp_post: - make -f c++-build.mak clean + $(MAKE) -f c++-build.mak clean pjsua_test: pjsua_config_file pjsua_local_port0 pjsua_ip_addr pjsua_no_tcp pjsua_no_udp pjsua_outbound pjsua_use_ice pjsua_add_codec pjsua_clock_rate pjsua_play_file pjsua_play_tone pjsua_rec_file pjsua_rtp_port pjsua_quality pjsua_ptime pjsua_ectail @echo pjsua_test completed successfully From 8c41a770fe21d982ec911a6508fb56d15bc5cf29 Mon Sep 17 00:00:00 2001 From: jimying Date: Tue, 14 Mar 2023 18:33:54 +0800 Subject: [PATCH 4/4] Use PJ_ARRAY_SIZE() replace sizeof()/sizeof() (#3439) --- pjlib-util/src/pjlib-util-test/xml.c | 2 +- pjlib-util/src/pjlib-util/cli.c | 2 +- pjlib/src/pj/errno.c | 2 +- pjlib/src/pj/ssl_sock_apple.m | 4 ++-- pjlib/src/pjlib-test/ioq_perf.c | 2 +- pjlib/src/pjlib-test/sock.c | 3 +-- pjmedia/src/pjmedia-codec/silk.c | 3 +-- pjmedia/src/pjmedia-videodev/colorbar_dev.c | 6 +++--- pjmedia/src/pjmedia-videodev/dshow_dev.c | 9 ++++----- pjmedia/src/pjmedia-videodev/sdl_dev.c | 2 +- pjmedia/src/pjmedia/avi_player.c | 8 +++----- pjmedia/src/pjmedia/transport_srtp.c | 4 ++-- pjmedia/src/test/sdptest.c | 2 +- pjsip-apps/src/samples/aviplay.c | 4 ++-- pjsip/src/pjsip/sip_msg.c | 3 +-- 15 files changed, 25 insertions(+), 31 deletions(-) diff --git a/pjlib-util/src/pjlib-util-test/xml.c b/pjlib-util/src/pjlib-util-test/xml.c index aac987ff5..851424eb6 100644 --- a/pjlib-util/src/pjlib-util-test/xml.c +++ b/pjlib-util/src/pjlib-util-test/xml.c 
@@ -126,7 +126,7 @@ static int xml_parse_print_test(const char *doc) int xml_test() { unsigned i; - for (i=0; iroot.sub_cmd); /* Register some standard commands. */ - for (i = 0; i < sizeof(cmd_xmls)/sizeof(cmd_xmls[0]); i++) { + for (i = 0; i < PJ_ARRAY_SIZE(cmd_xmls); i++) { pj_str_t xml = pj_str(cmd_xmls[i]); if (pj_cli_add_cmd_from_xml(cli, NULL, &xml, diff --git a/pjlib/src/pj/errno.c b/pjlib/src/pj/errno.c index aabfa6cbe..b0557dff5 100644 --- a/pjlib/src/pj/errno.c +++ b/pjlib/src/pj/errno.c @@ -95,7 +95,7 @@ static int pjlib_error(pj_status_t code, char *buf, pj_size_t size) #if defined(PJ_HAS_ERROR_STRING) && PJ_HAS_ERROR_STRING!=0 unsigned i; - for (i=0; i= size) len2 = size-1; diff --git a/pjlib/src/pj/ssl_sock_apple.m b/pjlib/src/pj/ssl_sock_apple.m index 1bba78da7..046a15fc1 100644 --- a/pjlib/src/pj/ssl_sock_apple.m +++ b/pjlib/src/pj/ssl_sock_apple.m @@ -1766,8 +1766,8 @@ static void ssl_ciphers_populate(void) }; if (!ssl_cipher_num) { unsigned i; - - ssl_cipher_num = sizeof(ciphers)/sizeof(ciphers[0]); + + ssl_cipher_num = PJ_ARRAY_SIZE(ciphers); for (i = 0; i < ssl_cipher_num; i++) { ssl_ciphers[i].id = (pj_ssl_cipher)ciphers[i]; ssl_ciphers[i].name = sslGetCipherSuiteString(ciphers[i]); diff --git a/pjlib/src/pjlib-test/ioq_perf.c b/pjlib/src/pjlib-test/ioq_perf.c index e980c25d2..87615fe28 100644 --- a/pjlib/src/pjlib-test/ioq_perf.c +++ b/pjlib/src/pjlib-test/ioq_perf.c @@ -549,7 +549,7 @@ static int ioqueue_perf_test_imp(const pj_ioqueue_cfg *cfg) PJ_LOG(3,(THIS_FILE, " =======================================")); best_bandwidth = 0; - for (i=0; i<(int)(sizeof(test_param)/sizeof(test_param[0])); ++i) { + for (i=0; i<(int)PJ_ARRAY_SIZE(test_param); ++i) { pj_size_t bandwidth; rc = perform_test(cfg, diff --git a/pjlib/src/pjlib-test/sock.c b/pjlib/src/pjlib-test/sock.c index 5ccfa8177..db752578a 100644 --- a/pjlib/src/pjlib-test/sock.c +++ b/pjlib/src/pjlib-test/sock.c 
@@ -444,8 +444,7 @@ static int simple_sock_test(void) PJ_LOG(3,("test", "...simple_sock_test()")); - for (i=0; i<(int)(sizeof(types)/sizeof(types[0])); ++i) { - + for (i=0; i<(int)PJ_ARRAY_SIZE(types); ++i) { rc = pj_sock_socket(pj_AF_INET(), types[i], 0, &sock); if (rc != PJ_SUCCESS) { app_perror("...error: unable to create socket", rc); diff --git a/pjmedia/src/pjmedia-codec/silk.c b/pjmedia/src/pjmedia-codec/silk.c index 8412ec1bd..66050704e 100644 --- a/pjmedia/src/pjmedia-codec/silk.c +++ b/pjmedia/src/pjmedia-codec/silk.c @@ -307,8 +307,7 @@ PJ_DEF(pj_status_t) pjmedia_codec_silk_set_config( unsigned i; /* Look up in factory modes table */ - for (i = 0; i < sizeof(silk_factory.silk_param)/ - sizeof(silk_factory.silk_param[0]); ++i) + for (i = 0; i < PJ_ARRAY_SIZE(silk_factory.silk_param); ++i) { if (silk_factory.silk_param[i].clock_rate == clock_rate) { int quality = PJMEDIA_CODEC_SILK_DEFAULT_QUALITY; diff --git a/pjmedia/src/pjmedia-videodev/colorbar_dev.c b/pjmedia/src/pjmedia-videodev/colorbar_dev.c index 34968e23a..577857363 100644 --- a/pjmedia/src/pjmedia-videodev/colorbar_dev.c +++ b/pjmedia/src/pjmedia-videodev/colorbar_dev.c @@ -210,7 +210,7 @@ static pj_status_t cbar_factory_init(pjmedia_vid_dev_factory *f) ddi->info.has_callback = PJ_FALSE; ddi->info.caps = PJMEDIA_VID_DEV_CAP_FORMAT; - ddi->info.fmt_cnt = sizeof(cbar_fmts)/sizeof(cbar_fmts[0]); + ddi->info.fmt_cnt = PJ_ARRAY_SIZE(cbar_fmts); for (i = 0; i < ddi->info.fmt_cnt; i++) { pjmedia_format *fmt = &ddi->info.fmt[i]; pjmedia_format_init_video(fmt, cbar_fmts[i].fmt_id, @@ -230,7 +230,7 @@ static pj_status_t cbar_factory_init(pjmedia_vid_dev_factory *f) ddi->info.has_callback = PJ_TRUE; ddi->info.caps = PJMEDIA_VID_DEV_CAP_FORMAT; - ddi->info.fmt_cnt = sizeof(cbar_fmts)/sizeof(cbar_fmts[0]); + ddi->info.fmt_cnt = PJ_ARRAY_SIZE(cbar_fmts); for (i = 0; i < ddi->info.fmt_cnt; i++) { pjmedia_format *fmt = &ddi->info.fmt[i]; pjmedia_format_init_video(fmt, cbar_fmts[i].fmt_id, 
@@ -313,7 +313,7 @@ static const struct cbar_fmt_info* get_cbar_fmt_info(pjmedia_format_id id) { unsigned i; - for (i = 0; i < sizeof(cbar_fmts)/sizeof(cbar_fmts[0]); i++) { + for (i = 0; i < PJ_ARRAY_SIZE(cbar_fmts); i++) { if (cbar_fmts[i].fmt_id == id) return &cbar_fmts[i]; } diff --git a/pjmedia/src/pjmedia-videodev/dshow_dev.c b/pjmedia/src/pjmedia-videodev/dshow_dev.c index 1b0298c17..1939b4226 100644 --- a/pjmedia/src/pjmedia-videodev/dshow_dev.c +++ b/pjmedia/src/pjmedia-videodev/dshow_dev.c @@ -328,11 +328,10 @@ static void enum_dev_cap(IBaseFilter *filter, if (FAILED (hr)) continue; - nformat = (dshow_fmt? 1: - sizeof(dshow_fmts)/sizeof(dshow_fmts[0])); + nformat = (dshow_fmt ? 1 : PJ_ARRAY_SIZE(dshow_fmts)); for (j = 0; j < nformat; j++) { const GUID *dshow_format = dshow_fmt; - + if (!dshow_format) dshow_format = dshow_fmts[j].dshow_format; if (UuidCompare(&mediatype->subtype, @@ -414,7 +413,7 @@ static pj_status_t dshow_factory_refresh(pjmedia_vid_dev_factory *f) df->dev_pool = NULL; } - for (c = 0; c < sizeof(dshow_fmts) / sizeof(dshow_fmts[0]); c++) { + for (c = 0; c < PJ_ARRAY_SIZE(dshow_fmts); c++) { dshow_fmts[c].enabled = PJ_FALSE; } @@ -670,7 +669,7 @@ static dshow_fmt_info* get_dshow_format_info(pjmedia_format_id id) { unsigned i; - for (i = 0; i < sizeof(dshow_fmts)/sizeof(dshow_fmts[0]); i++) { + for (i = 0; i < PJ_ARRAY_SIZE(dshow_fmts); i++) { if (dshow_fmts[i].pjmedia_format == id && dshow_fmts[i].enabled) return &dshow_fmts[i]; } diff --git a/pjmedia/src/pjmedia-videodev/sdl_dev.c b/pjmedia/src/pjmedia-videodev/sdl_dev.c index a95a34b2e..10998bd7c 100644 --- a/pjmedia/src/pjmedia-videodev/sdl_dev.c +++ b/pjmedia/src/pjmedia-videodev/sdl_dev.c @@ -632,7 +632,7 @@ static sdl_fmt_info* get_sdl_format_info(pjmedia_format_id id) { unsigned i; - for (i = 0; i < sizeof(sdl_fmts)/sizeof(sdl_fmts[0]); i++) { + for (i = 0; i < PJ_ARRAY_SIZE(sdl_fmts); i++) { if (sdl_fmts[i].fmt_id == id) return &sdl_fmts[i]; } 
diff --git a/pjmedia/src/pjmedia/avi_player.c b/pjmedia/src/pjmedia/avi_player.c index 892dbe07d..638634952 100644 --- a/pjmedia/src/pjmedia/avi_player.c +++ b/pjmedia/src/pjmedia/avi_player.c @@ -305,13 +305,11 @@ pjmedia_avi_player_create_streams(pj_pool_t *pool, /* Normalize the endian */ if (elem == sizeof(strf_video_hdr_t)) data_to_host2(&avi_hdr.strf_hdr[i], - sizeof(strf_video_hdr_sizes)/ - sizeof(strf_video_hdr_sizes[0]), + PJ_ARRAY_SIZE(strf_video_hdr_sizes), strf_video_hdr_sizes); else if (elem == sizeof(strf_audio_hdr_t)) data_to_host2(&avi_hdr.strf_hdr[i], - sizeof(strf_audio_hdr_sizes)/ - sizeof(strf_audio_hdr_sizes[0]), + PJ_ARRAY_SIZE(strf_audio_hdr_sizes), strf_audio_hdr_sizes); /* Skip the remainder of the header */ @@ -395,7 +393,7 @@ pjmedia_avi_player_create_streams(pj_pool_t *pool, } fmt_id = avi_hdr.strl_hdr[i].codec; - for (j = sizeof(avi_fmts)/sizeof(avi_fmts[0])-1; j >= 0; j--) { + for (j = (int)PJ_ARRAY_SIZE(avi_fmts)-1; j >= 0; j--) { /* Check supported video formats here */ if (fmt_id == avi_fmts[j].fmt_id) { if (avi_fmts[j].eff_fmt_id) diff --git a/pjmedia/src/pjmedia/transport_srtp.c b/pjmedia/src/pjmedia/transport_srtp.c index 05103d29d..e390ce02b 100644 --- a/pjmedia/src/pjmedia/transport_srtp.c +++ b/pjmedia/src/pjmedia/transport_srtp.c @@ -588,7 +588,7 @@ static void pjmedia_srtp_deinit_lib(pjmedia_endpt *endpt) static int get_crypto_idx(const pj_str_t* crypto_name) { int i; - int cs_cnt = sizeof(crypto_suites)/sizeof(crypto_suites[0]); + int cs_cnt = PJ_ARRAY_SIZE(crypto_suites); /* treat unspecified crypto_name as crypto 'NULL' */ if (crypto_name->slen == 0) @@ -645,7 +645,7 @@ PJ_DEF(pj_status_t) pjmedia_srtp_enum_crypto(unsigned *count, PJ_ASSERT_RETURN(count && crypto, PJ_EINVAL); - max = sizeof(crypto_suites) / sizeof(crypto_suites[0]) - 1; + max = PJ_ARRAY_SIZE(crypto_suites) - 1; if (*count > max) *count = max; diff --git a/pjmedia/src/test/sdptest.c b/pjmedia/src/test/sdptest.c index e7c661924..66a8ea8d8 100644 
--- a/pjmedia/src/test/sdptest.c +++ b/pjmedia/src/test/sdptest.c @@ -96,7 +96,7 @@ static int sdp_conform_test(pj_pool_factory *pf) int i, len; char buf[1500]; - for (i=0; iinfo.fmt.id == codec_fmts[i].pjmedia_id) { codecp = &codec_fmts[i]; break; diff --git a/pjsip/src/pjsip/sip_msg.c b/pjsip/src/pjsip/sip_msg.c index c375ca9b1..cf0a4e00b 100644 --- a/pjsip/src/pjsip/sip_msg.c +++ b/pjsip/src/pjsip/sip_msg.c @@ -641,8 +641,7 @@ PJ_DEF(const pj_str_t*) pjsip_get_status_text(int code) init_status_phrase(); } - return (code>=100 && - code<(int)(sizeof(status_phrase)/sizeof(status_phrase[0]))) ? + return (code>=100 && code<(int)PJ_ARRAY_SIZE(status_phrase)) ? &status_phrase[code] : &status_phrase[0]; }