rohc

Decompressor contexts incorrectly preserved if MAX_CID is changed

Bug #1094452 reported by Didier Barvaux
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
rohc
Status tracked in Rohc-main
1.3.x
Invalid
Undecided
Didier Barvaux
rohc 1.3.5
1.4.x
Invalid
Undecided
Didier Barvaux
rohc 1.4.3
Rohc-1.5.x
Fix Released
High
Didier Barvaux
rohc 1.5.2
Rohc-main
Fix Released
High
Didier Barvaux
rohc 1.6.0

Bug Description

When MAX_CID is changed at decompressor (through the rohc_decomp_set_max_cid() function), the array of decompression contexts is either enlarged or reduced. Some existing contexts (minimum of the old and new MAX_CID) can be preserved. The decompressor fails to do it correctly because the memcpy is too short:

  memcpy(new_contexts, decomp->contexts,
                   rohc_min(decomp->medium.max_cid, max_cid) + 1);

The * sizeof(struct d_context *) is missing. Thanks to Yura for finding this problem.

Tags: library
Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Confirmed on main branch.

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Confirmed on 1.5.x branch.

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Branch 1.4.x is not affected.

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Branch 1.3.x is not affected.

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Fixed in branch 1.5.x. See http://bazaar.launchpad.net/~didier-barvaux/rohc/1.5.x/revision/554

Revision history for this message
Didier Barvaux (didier-barvaux) wrote :

Fixed on main branch. See http://bazaar.launchpad.net/~didier-barvaux/rohc/main/revision/643

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.