From 51904df21a918d3e8148bd0e5ea5f5b9ce30e5d6 Mon Sep 17 00:00:00 2001 From: Chris Rienzo Date: Tue, 11 Aug 2020 23:32:21 +0000 Subject: [PATCH] [core] Fix jitter buffer- it is not truncating frames properly. It is also overflowing the node packet body and is copying the packet body twice. Remove magic numbers and replace with constant. --- src/include/switch_rtp.h | 2 ++ src/switch_jitterbuffer.c | 17 ++++++----------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/src/include/switch_rtp.h b/src/include/switch_rtp.h index 96ea2135f3..3da7254e91 100644 --- a/src/include/switch_rtp.h +++ b/src/include/switch_rtp.h @@ -41,9 +41,11 @@ SWITCH_BEGIN_EXTERN_C +#define SWITCH_RTP_HEADER_LEN sizeof(switch_rtp_hdr_t) #define SWITCH_RTP_MAX_BUF_LEN 16384 #define SWITCH_RTCP_MAX_BUF_LEN 16384 #define SWITCH_RTP_MAX_BUF_LEN_WORDS 4094 /* (max / 4) - 2 */ +#define SWITCH_RTP_MAX_PACKET_LEN (SWITCH_RTP_MAX_BUF_LEN + SWITCH_RTP_HEADER_LEN) //#define SWITCH_RTP_KEY_LEN 30 //#define SWITCH_RTP_CRYPTO_KEY_32 "AES_CM_128_HMAC_SHA1_32" #define SWITCH_RTP_CRYPTO_KEY_80 "AES_CM_128_HMAC_SHA1_80" diff --git a/src/switch_jitterbuffer.c b/src/switch_jitterbuffer.c index 54e9fc1c5e..d68b269024 100644 --- a/src/switch_jitterbuffer.c +++ b/src/switch_jitterbuffer.c @@ -640,7 +640,6 @@ static inline void add_node(switch_jb_t *jb, switch_rtp_packet_t *packet, switch node->packet = *packet; node->len = len; - memcpy(node->packet.body, packet->body, len); switch_core_inthash_insert(jb->node_hash, node->packet.header.seq, node); 
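Review bot: In the switch_rtp.h hunk, `SWITCH_RTP_HEADER_LEN` expands to a bare `sizeof(...)` while the macro next to it is parenthesized, and neither new macro says what it measures. I would write `#define SWITCH_RTP_HEADER_LEN (sizeof(switch_rtp_hdr_t))` and add a comment such as `/* fixed RTP header only; CSRC entries and header extensions are not counted */` (presumably accurate, since the macro replaces the literal `12` in the jitter buffer). `SWITCH_RTP_MAX_PACKET_LEN` is then used to clamp lengths stored alongside a `switch_rtp_packet_t`, whose definition is not in this diff. A compile-time assertion that `SWITCH_RTP_MAX_PACKET_LEN <= sizeof(switch_rtp_packet_t)` would stop the constant and the struct from drifting apart.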
@@ -1006,10 +1005,10 @@ SWITCH_DECLARE(switch_status_t) switch_jb_peek_frame(switch_jb_t *jb, uint32_t t frame->seq = ntohs(node->packet.header.seq); frame->timestamp = ntohl(node->packet.header.ts); frame->m = node->packet.header.m; - frame->datalen = node->len - 12; + frame->datalen = node->len - SWITCH_RTP_HEADER_LEN; - if (frame->data && frame->buflen > node->len - 12) { - memcpy(frame->data, node->packet.body, node->len - 12); + if (frame->data && frame->buflen > node->len - SWITCH_RTP_HEADER_LEN) { + memcpy(frame->data, node->packet.body, node->len - SWITCH_RTP_HEADER_LEN); } return SWITCH_STATUS_SUCCESS; } @@ -1221,9 +1220,9 @@ SWITCH_DECLARE(switch_status_t) switch_jb_put_packet(switch_jb_t *jb, switch_rtp uint32_t i; uint16_t want = ntohs(jb->next_seq), got = ntohs(packet->header.seq); - if (len >= sizeof(switch_rtp_packet_t)) { - switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "trying to put %" SWITCH_SIZE_T_FMT " bytes exceeding buffer, truncate to %" SWITCH_SIZE_T_FMT "\n", len, sizeof(switch_rtp_packet_t)); - len = sizeof(switch_rtp_packet_t); + if (len >= SWITCH_RTP_MAX_PACKET_LEN) { + switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "trying to put %" SWITCH_SIZE_T_FMT " bytes exceeding buffer, truncate to %" SWITCH_SIZE_T_FMT "\n", len, SWITCH_RTP_MAX_PACKET_LEN); + len = SWITCH_RTP_MAX_PACKET_LEN; } switch_mutex_lock(jb->mutex); @@ -1279,7 +1278,6 @@ SWITCH_DECLARE(switch_status_t) switch_jb_put_packet(switch_jb_t *jb, switch_rtp } } - add_node(jb, packet, len); if (switch_test_flag(jb, SJB_QUEUE_ONLY) && jb->max_packet_len && jb->max_frame_len * 2 > jb->max_packet_len && @@ -1307,7 +1305,6 @@ SWITCH_DECLARE(switch_status_t) switch_jb_get_packet_by_seq(switch_jb_t *jb, uin jb_debug(jb, 2, "Found buffered seq: %u\n", ntohs(seq)); *packet = node->packet; *len = node->len; - memcpy(packet->body, node->packet.body, node->len); packet->header.version = 2; status = SWITCH_STATUS_SUCCESS; } else { 
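Review bot: `frame->datalen = node->len - SWITCH_RTP_HEADER_LEN;` in switch_jb_peek_frame has no lower bound on `node->len`, and because the macro is a `size_t` the subtraction wraps to a very large value for a node shorter than the RTP header. The `buflen` test then skips the memcpy, but `frame->datalen` keeps the wrapped length and the function still returns SWITCH_STATUS_SUCCESS. The same mismatch occurs whenever `frame->buflen` is not strictly larger than the payload, because `datalen` is set unconditionally before the `if`, so the caller is told about bytes that were never copied. Neither this hunk nor the switch_jb_put_packet hunk shows a minimum-length check, so unless one exists outside the visible lines I would add `if (node->len < SWITCH_RTP_HEADER_LEN)` with a failure return before the subtraction, and set `frame->datalen` only when the copy happened. The function body starts outside the hunk.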
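Review bot: The clamp in switch_jb_put_packet uses `>=`, so a packet of exactly SWITCH_RTP_MAX_PACKET_LEN bytes logs "exceeding buffer, truncate" although nothing is cut; `if (len > SWITCH_RTP_MAX_PACKET_LEN) {` would match the message. Clamping also only changes the recorded length: add_node stores the packet with `node->packet = *packet`, so an oversized packet is kept with a shortened `len` and handed to consumers as if it were valid. If input of that size is not legitimate here, dropping the packet with an error return may be safer than storing a cut one. The rest of the function is outside the hunk, so check how callers treat the status first. The warning fires once per offending packet on data that is presumably network-supplied, so it is worth rate-limiting or lowering its level.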
@@ -1461,7 +1458,6 @@ SWITCH_DECLARE(switch_status_t) switch_jb_get_packet(switch_jb_t *jb, switch_rtp *packet = node->packet; *len = node->len; jb->last_len = *len; - memcpy(packet->body, node->packet.body, node->len); packet->header.version = 2; hide_node(node, SWITCH_TRUE); @@ -1505,7 +1501,6 @@ SWITCH_DECLARE(switch_status_t) switch_jb_get_packet(switch_jb_t *jb, switch_rtp return status; } - /* For Emacs: * Local Variables: * mode:c