author | Philip Withnall <philip.withnall@collabora.co.uk> | 2014-09-25 09:22:26 +0100 |
---|---|---|
committer | Philip Withnall <philip.withnall@collabora.co.uk> | 2014-09-25 09:54:19 +0100 |
commit | ec3783f7695dbe8a70a87e6940c03af2bb50cbd8 (patch) | |
tree | 6fc7221b03d54e4df65d01d607c65677b4019c77 /agent/conncheck.c | |
parent | a8ec764adb5b8b65f5a6eaae1ab4c87f4341d802 (diff) | |
download | libnice-ec3783f7695dbe8a70a87e6940c03af2bb50cbd8.tar.gz |
agent: Check STUN buffer is non-NULL before getting its message ID
This should fix a crash, as detected by Valgrind:
==28354== Invalid read of size 2
==28354== at 0x4C2B5B0: memcpy@@GLIBC_2.14 (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28354== by 0x50C17E2: stun_message_id (stunmessage.c:658)
==28354== by 0x509E4E7: candidate_check_pair_fail (conncheck.c:254)
==28354== by 0x50A4EDB: conn_check_prune_socket (conncheck.c:3145)
==28354== by 0x509B6F8: component_io_cb (agent.c:3951)
Diffstat (limited to 'agent/conncheck.c')
-rw-r--r-- | agent/conncheck.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/agent/conncheck.c b/agent/conncheck.c
index 17f4b75..3722947 100644
--- a/agent/conncheck.c
+++ b/agent/conncheck.c
@@ -252,8 +252,10 @@ candidate_check_pair_fail (Stream *stream, NiceAgent *agent, CandidateCheckPair
 p->state = NICE_CHECK_FAILED;
 nice_debug ("Agent %p : pair %p state FAILED", agent, p);
- stun_message_id (&p->stun_message, id);
- stun_agent_forget_transaction (&component->stun_agent, id);
+ if (p->stun_message.buffer != NULL) {
+ stun_message_id (&p->stun_message, id);
+ stun_agent_forget_transaction (&component->stun_agent, id);
+ }
 p->stun_message.buffer = NULL;
 p->stun_message.buffer_len = 0; |
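Review bot: The new guard in candidate_check_pair_fail tests only `p->stun_message.buffer != NULL` and not `p->stun_message.buffer_len`. The Valgrind trace shows stun_message_id doing a memcpy from the buffer, so if that copy reads a fixed-size transaction ID, a non-NULL but too-short buffer could presumably still be over-read. Consider also checking the length here, or validating the message inside stun_message_id so every caller is covered. The lines after the guard reset `buffer` to NULL, so a second failure of the same pair is one way to reach the NULL case; a comment such as `/* buffer is reset to NULL below; a pair failed twice has no transaction to forget */` would record why the guard exists. `component` is dereferenced inside the new block and its assignment is outside the hunk (the function body starts and ends outside it), so confirm it cannot be NULL on this path.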