Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] srtp will crash on 64 bit big-endian machine #636

Closed
xia-chu opened this issue Aug 13, 2021 · 5 comments · Fixed by #637
Closed

[Bug] srtp will crash on 64 bit big-endian machine #636

xia-chu opened this issue Aug 13, 2021 · 5 comments · Fixed by #637
Assignees
@ibc @jmillan
Labels
bug

Comments

@xia-chu
Copy link

xia-chu commented Aug 13, 2021
edited
Loading

Bug Report

Srtp will crash on 64 bit big-endian machine

Your environment

  • Operating system: some 64 bit system
  • Cpu: some big-endian machine

Issue description

These code my cause crash:

mediasoup/worker/src/RTC/SrtpSession.cpp

Line 164 in 73ec18a

srtp_protect(this->session, static_cast<void*>(EncryptBuffer), reinterpret_cast<int*>(len));

The len parameter is the type ofsize_t*, which on 64 bit environment, it is a 64 bit integer number。
But int usually will be 32 bit long, if we take address of 64 bit integer number as int * on big-endian machine,
we will take the address of its high 4 bytes。If srtp write vlaue 1024 to it, the vlaue of len will be 1024 << 32.
@xia-chu xia-chu added the bug label Aug 13, 2021
@xia-chu xia-chu changed the title [Bug] srtp will crash on 64 bit big-endian [Bug] srtp will crash on 64 bit big-endian machine Aug 13, 2021
@ibc
Copy link
Member

ibc commented Aug 13, 2021

Thanks a lot. Will check and fix it in next days.

@ibc ibc assigned ibc and jmillan Aug 13, 2021
ibc added a commit that referenced this issue Aug 13, 2021
@ibc
Fix wrong size_t* to int* conversion in 64bit Big-Endian hosts
d3ad46c 
- Fixes #636
- Ensure that we have RTP or RTCP packet length into a `int` variable since `srtp_(un)protect_xxxx()` methods expect a pointer to `int` and modify the length referenced by the given pointer.
@ibc ibc mentioned this issue Aug 13, 2021
Merged
@ibc
Copy link
Member

ibc commented Aug 13, 2021

Thanks for the report. Would you mind taking a look to PR #637 (and test it if possible)?

@xia-chu
Copy link
Author

xia-chu commented Aug 16, 2021

Thank you very much, but I don't have a big-endian machine to test. I also received these feedback from others。
I don't think the previous code is perfect,i think this problem should be fixed.

@xia-chu xia-chu closed this as completed Aug 16, 2021
ibc added a commit that referenced this issue Aug 16, 2021
@ibc
Fix wrong size_t* to int* conversion in 64bit Big-Endian hosts (#637)
8fca7de 
- Fixes #636
- Ensure that we have RTP or RTCP packet length into a `int` variable since `srtp_(un)protect_xxxx()` methods expect a pointer to `int` and modify the length referenced by the given pointer.
@ibc
Copy link
Member

ibc commented Aug 16, 2021

Please, next time don't close the issue. Let's please close the issue (automatically) when the PR that solves it is merged.

@xia-chu
Copy link
Author

xia-chu commented Aug 16, 2021 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ibc ibc

@jmillan jmillan

Labels
bug
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix wrong size_t* to int* conversion in 64bit Big-Endian hosts versatica/mediasoup
3 participants
@ibc @jmillan @xia-chu