[pjsip] Bug in pjmedia_rtp_decode_rtp (rtp.c)?

Thomas Falk thfalk at gmail.com
Thu Aug 20 08:16:15 EDT 2009


Hello,

I have send this some time ago, but got no answer and nothing happend.

I'm using an extended header in the rtp transfer of audio data. As I
have found, the code in
the function pjmedia_rtp_decode_rtp (in pjmedia/src/pjmedia/rtp.c)
calculates the size of the extended header in the wrong way.

The following code calculates the offset of the payload after the
extended header:

Line 169:
   /* Adjust offset if RTP extension is used. */
   if ((*hdr)->x) {
       pjmedia_rtp_ext_hdr *ext = (pjmedia_rtp_ext_hdr*)
                                   (((pj_uint8_t*)pkt) + offset);
       offset += (pj_ntohs(ext->length) * sizeof(pj_uint32_t));
   }

According to RFC 3550 the length of the extended header may be 0, even
if there is an extended header. In this case the exented header
consist of the extension header (32 bit) only.

In the above code ext->length is this length of the extended header.
If there is an extended header the offset must be calculated to at
least 1.

Here is the patch I'm using with pjmedia-1.3, the same applies to v1.4:

Index: ../third_party/pjproject-1.3/pjmedia/src/pjmedia/rtp.c
===================================================================
--- ../third_party/pjproject-1.3/pjmedia/src/pjmedia/rtp.c	(revision 4031)
+++ ../third_party/pjproject-1.3/pjmedia/src/pjmedia/rtp.c	(working copy)
@@ -170,7 +170,7 @@
     if ((*hdr)->x) {
 	pjmedia_rtp_ext_hdr *ext = (pjmedia_rtp_ext_hdr*)
 				    (((pj_uint8_t*)pkt) + offset);
-	offset += (pj_ntohs(ext->length) * sizeof(pj_uint32_t));
+	offset += ((pj_ntohs(ext->length)+1) * sizeof(pj_uint32_t));
     }

Best regards,

Thomas Falk




More information about the pjsip mailing list