From b27ac5b5c6ed498d347b52595e2953d77e6355a2 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Wed, 11 Oct 2023 12:37:29 -0400 Subject: [PATCH] MT#55283 fix possible NULL dereferences Change-Id: I4abd23c834d133c8f20f0a8038a78aa214cbc879 (cherry picked from commit 5171fd890190f6c3e1238487e913699a73166518) --- daemon/call.c | 24 ++++++++++++++++-------- daemon/rtcp.c | 2 ++ 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/daemon/call.c b/daemon/call.c index f6c349d57..c423e6a87 100644 --- a/daemon/call.c +++ b/daemon/call.c @@ -2925,27 +2925,35 @@ static int __media_init_from_flags(struct call_media *other_media, struct call_m if (flags) { switch (flags->media_echo) { case MEO_FWD: - MEDIA_SET(media, ECHO); + if (media) { + MEDIA_SET(media, ECHO); + MEDIA_CLEAR(media, BLACKHOLE); + } MEDIA_SET(other_media, BLACKHOLE); - MEDIA_CLEAR(media, BLACKHOLE); MEDIA_CLEAR(other_media, ECHO); break; case MEO_BKW: - MEDIA_SET(media, BLACKHOLE); + if (media) { + MEDIA_SET(media, BLACKHOLE); + MEDIA_CLEAR(media, ECHO); + } MEDIA_SET(other_media, ECHO); - MEDIA_CLEAR(media, ECHO); MEDIA_CLEAR(other_media, BLACKHOLE); break; case MEO_BOTH: - MEDIA_SET(media, ECHO); + if (media) { + MEDIA_SET(media, ECHO); + MEDIA_CLEAR(media, BLACKHOLE); + } MEDIA_SET(other_media, ECHO); - MEDIA_CLEAR(media, BLACKHOLE); MEDIA_CLEAR(other_media, BLACKHOLE); break; case MEO_BLACKHOLE: - MEDIA_SET(media, BLACKHOLE); + if (media) { + MEDIA_SET(media, BLACKHOLE); + MEDIA_CLEAR(media, ECHO); + } MEDIA_SET(other_media, BLACKHOLE); - MEDIA_CLEAR(media, ECHO); MEDIA_CLEAR(other_media, ECHO); case MEO_DEFAULT: break; diff --git a/daemon/rtcp.c b/daemon/rtcp.c index f39f4a646..d599cd8a0 100644 --- a/daemon/rtcp.c +++ b/daemon/rtcp.c @@ -1322,6 +1322,8 @@ static void transcode_rr(struct rtcp_process_ctx *ctx, struct report_block *rr) struct ssrc_ctx *input_ctx = get_ssrc_ctx(map_ctx->ssrc_map_out, ctx->mp->media_out->monologue->ssrc_hash, SSRC_DIR_INPUT, NULL); + if (!input_ctx) + return; // substitute our own values