From 7c67b7de7cee32c52e520aa540395daf9e9e9018 Mon Sep 17 00:00:00 2001 
From: Jason Gerecke Date: Fri, 20 Apr 2018 17:49:46 -0700 Subject: [PATCH] qrtplib: clear buffer fed to RTPSession::CreateCNAME The RTPSession::CreateCNAME function checks to see if the buffer that it is provided already has any data in it, and appends to it if so. The RTPSession::InternalCreate function calls this function with an uninitialized buffer, which results in indeterminate behavior. To ensure that the CNAME is properly created, we clear the buffer before use. ==30323== Conditional jump or move depends on uninitialised value(s) ==30323== at 0x4C30109: __strlen_sse2 (vg_replace_strmem.c:460) ==30323== by 0x85647A4: qrtplib::RTPSession::CreateCNAME(unsigned char*, unsigned long*, bool) (rtpsession.cpp:1150) ==30323== by 0x8564B35: qrtplib::RTPSession::InternalCreate(qrtplib::RTPSessionParams const&) (rtpsession.cpp:218) ==30323== by 0x5499159: RTPSink::RTPSink(QUdpSocket*, int, bool) (rtpsink.cpp:48) ==30323== by 0x5420B6A: AudioNetSink::AudioNetSink(QObject*, int, bool) (audionetsink.cpp:42) ==30323== by 0x541F465: AudioOutput::start(int, int) (audiooutput.cpp:114) ==30323== by 0x5412763: AudioDeviceManager::startAudioOutput(int) (audiodevicemanager.cpp:361) ==30323== by 0x5412B0C: AudioDeviceManager::addAudioSink(AudioFifo*, MessageQueue*, int) (audiodevicemanager.cpp:229) ==30323== by 0x33F96DE7: BFMDemod::BFMDemod(DeviceSourceAPI*) (bfmdemod.cpp:56) ==30323== by 0x33FB03F2: non-virtual thunk to BFMPlugin::createRxChannelBS(DeviceSourceAPI*) (bfmplugin.cpp:62) ==30323== by 0x4F47F25: DeviceUISet::loadRxChannelSettings(Preset const*, PluginAPI*) (deviceuiset.cpp:199) ==30323== by 0x4EA51EA: MainWindow::loadPresetSettings(Preset const*, int) (mainwindow.cpp:575) ==30323== by 0x4EAC81B: MainWindow::MainWindow(qtwebapp::LoggerWithFile*, MainParser const&, QWidget*) (mainwindow.cpp:176) ==30323== by 0x10A49B: runQtApplication(int, char**, qtwebapp::LoggerWithFile*) (main.cpp:120) ==30323== by 0x109B38: main (main.cpp:131) --- qrtplib/rtpsession.cpp | 2 +- 1 
file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qrtplib/rtpsession.cpp b/qrtplib/rtpsession.cpp
index 643858cb8..a9d42a8d2 100644
--- a/qrtplib/rtpsession.cpp
+++ b/qrtplib/rtpsession.cpp
@@ -209,7 +209,7 @@ int RTPSession::InternalCreate(const RTPSessionParams &sessparams)
 // Init the RTCP packet builder
 double timestampunit = sessparams.GetOwnTimestampUnit();
- uint8_t buf[1024];
+ uint8_t buf[1024] = {0};
 std::size_t buflen = 1024;
 std::string forcedcname = sessparams.GetCNAME();
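Review bot: The zero-initialiser on `buf` carries a contract that nothing at the declaration explains: per the commit message, CreateCNAME runs strlen on the buffer and appends to whatever is already there, so a later cleanup could drop `= {0}` as redundant and bring back the uninitialised read. I would put a comment above it such as `// CreateCNAME appends to existing NUL-terminated content; buf must start empty`. On the next line `buflen` repeats the literal 1024, and `std::size_t buflen = sizeof(buf);` would keep the two from drifting apart. Whether CreateCNAME bounds its length scan by `*buflen` is not visible here and is worth checking, since any other caller that passes a non-terminated buffer would hit the same read. InternalCreate's body starts and ends outside the hunk.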