From 28825d04dcbf6acbeda96818c845d0d6da00a436 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Fri, 25 Feb 2022 14:04:10 -0500
Subject: [PATCH] TT#14008 fix possible use-after-free

Change-Id: I454d07f339e689bbc349ffef774ded6ef163e985
(cherry picked from commit aae30a4f72ffbe15a9a59b5cbd3b83faecdeec6f)
---
 daemon/codec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/daemon/codec.c b/daemon/codec.c
index f82c21999..062e17fb1 100644
--- a/daemon/codec.c
+++ b/daemon/codec.c
@@ -1407,6 +1407,9 @@ static int __handler_func_sequencer(struct media_packet *mp, struct transcode_pa
 return 0;
 }
 
+ // save RTP pointer - we clobber it below XXX this shouldn't be necessary to do
+ struct rtp_header *orig_rtp = mp->rtp;
+
 packet->p.seq = ntohs(mp->rtp->seq_num);
 packet->payload = str_dup(&mp->payload);
 uint32_t packet_ts = ntohl(mp->rtp->timestamp);
@@ -1523,6 +1526,8 @@ out_ch:
 if (ch)
 obj_put(&ch->h);
 
+ mp->rtp = orig_rtp;
+
 return 0;
 }
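Review bot: The comment added above `orig_rtp` says the pointer is clobbered "below" but not where or with what, so a reader cannot tell which object's lifetime makes a stale `mp->rtp` dangerous. Since the subject line calls this a use-after-free, the comment should name the overwriting assignment and state that the replacement storage may not outlive this call, along the lines of `// mp->rtp is repointed further down at storage that may be released before we return; keep the caller's pointer so it can be put back on exit`. The function starts above this hunk and the overwriting statement lies between the two hunks, so the wording needs checking against the full body.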
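Review bot: The restore `mp->rtp = orig_rtp;` is placed only on the `out_ch:` exit, so any path that leaves the function after the pointer has been overwritten without passing this label would still hand the caller a pointer into storage that may already be freed. The lines between the two hunks are not visible here, so every `return` after the save needs checking: it should either go through `out_ch` or restore first. Restoring immediately after the last use at the site that overwrites `mp->rtp` would be narrower, because it also removes the window in which the field is stale while the function is still running and calling helpers that receive `mp`.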