[h323plus] Double-delete Capability bug

Iurii Gordiienko hordi at ukr.net
Fri Jan 8 11:03:38 EST 2016


Hi, 
I have found something... For H323ExtendedVideoCapability::AddAllCapabilities function we are using H323CodecExtendedVideoCapability::AddCapability function for extCapability->AddCapability(*r). H323CodecExtendedVideoCapability::AddCapability function uses extCapabilities.Add(H323ExtendedVideoFactory::CreateInstance(cap)) function. The function H323ExtendedVideoFactory::CreateInstance(cap) will call "new" if any same "cap" does not is exists for now< for other case it will return the pointer to current actual Capability. But H323CodecExtendedVideoCapability::extCapabilities will delete all items in time of execution  extCapabilities.RemoveAll() function from H323CodecExtendedVideoCapability::~H323CodecExtendedVideoCapability(). In result we have "double delete" and undefined behavior (crash for worst case). 

-------------------------------- 
void H323ExtendedVideoCapability::AddAllCapabilities(       H323Capabilities & basecapabilities, PINDEX descriptorNum,PINDEX simultaneous) {   H323ExtendedVideoFactory::KeyList_T extCaps = H323ExtendedVideoFactory::GetKeyList();   if (extCaps.size() > 0) {     H323CodecExtendedVideoCapability * capability = new H323CodecExtendedVideoCapability();     H323ExtendedVideoFactory::KeyList_T::const_iterator r;         PINDEX num = P_MAX_INDEX;         for (r = extCaps.begin(); r != extCaps.end(); ++r) {            H323CodecExtendedVideoCapability * extCapability = (H323CodecExtendedVideoCapability *)capability->Clone();            extCapability->AddCapability(*r);            num = basecapabilities.SetCapability(descriptorNum, simultaneous,extCapability);            simultaneous = num;         }     simultaneous = P_MAX_INDEX;     basecapabilities.SetCapability(descriptorNum, simultaneous,new H323ControlExtendedVideoCapability());     delete capability;   }  } 
void H323CodecExtendedVideoCapability::AddCapability(const PString & cap) {     extCapabilities.Add(H323ExtendedVideoFactory::CreateInstance(cap)); } 

------------------------------------------------- 
I propose to replace the "void H323CodecExtendedVideoCapability::AddCapability(const PString & cap)" to this one: 
void H323CodecExtendedVideoCapability::AddCapability(const PString & cap) {     extCapabilities.Add(H323ExtendedVideoFactory::CreateInstance(cap)->clone()); } 



Thanks -- Iurii Gordiienko 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.packetizer.com/pipermail/h323plus/attachments/20160108/7cb39106/attachment-0001.html>


More information about the h323plus mailing list