[Live-devel] MediaSession fRTPSocket double free bug fix
ChanMin Kim
cmkim at n3n.co.kr
Wed Dec 18 22:44:57 PST 2013
from 'liveMedia/MediaSession.cpp'
------------------------
} else {
// We couldn't create the RTCP socket (perhaps that port number's
already in use elsewhere?)
delete fRTCPSocket;
// Record the first socket in our table, and keep trying:
unsigned key = (unsigned)fClientPortNum;
------------------------
There must be fRTCPSocket = NULL; after delete.
One scenario double free could happen is as follows:
1. 'delete fRTCPSocket;' from the above was called
2. getSourcePort() have failed
3. delete fRTCPSocket again outside the while loop.
The scenario actually happened to me.
More information about the live-devel
mailing list