ROHC library mishandles RTP Payload Type (PT) changes

Bug #555875 reported by Didier Barvaux
This bug affects 1 person
Affects      Status        Importance  Assigned to     Milestone
rohc (status tracked in Rohc-main)
  1.2.x      Fix Released  High        Didier Barvaux
  1.3.x      Fix Released  High        Didier Barvaux
  Rohc-main  Fix Released  High        Didier Barvaux

Bug Description

The ROHC library does not correctly handle an RTP stream in which the Payload Type (PT) field changes. The library successfully compresses the RTP packets, but it fails to decompress them. The library does not crash, but the decompressed RTP packet is not correct.

A capture of an IPv4/IPv4/UDP/RTP/MP3 stream with a variable PT field is attached to this bug.

Tags: library
Didier Barvaux (didier-barvaux) wrote :

Confirmed for 1.2.1.

Didier Barvaux (didier-barvaux) wrote :

Confirmed for 1.3.0.

Didier Barvaux (didier-barvaux) wrote :

Confirmed for trunk.

Didier Barvaux (didier-barvaux) wrote :

Fix committed in branch 1.2.x, see http://bazaar.launchpad.net/~didier-barvaux/rohc/1.2.x/revision/113. Scheduled for release 1.2.2.

The change in the RTP Payload Type (PT) field was not detected correctly because the function is_changed(), which reports whether a field changed in the IP/UDP/RTP headers, returned a bitmask instead of a boolean. The bitmask was later truncated to an 8-bit variable and the fact that the Payload Type changed was lost. The Payload Type was the only field impacted since it was the only one that got a value greater than 0xFF in the bitmask.

The detection of a change in the RTP Payload Type (PT) field was moved into the rtp_changed_rtp_dynamic() function of the c_rtp.c file because the code is specific to the RTP profile.

As a side effect, a bug that affected extension 3 of the UOR-2 packets was found. The decision to set the "I" flag to 1 and the decision to put the optional IP-ID field were not the same. This leads to ROHC packets with the "I" flag set but without the related IP-ID field, or ROHC packets without the "I" flag set but with the related IP-ID field.

This bug was fixed on the 1.2.x branch because it does not affect the compatibility with previous 1.2.x releases.

The capture that is attached to the bug was used to create a new non-regression test.
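
The truncation described in the comment above, shown as an added example that is not part of the original report and is not the ROHC library's code. The flag values, the struct and all function names are hypothetical; only the pattern (a bitmask result stored in an 8-bit variable, with the Payload Type flag above 0xFF) comes from the report.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical change flags (constructed values, not the library's):
 * only the Payload Type flag lies above the low 8 bits. */
#define CHG_TOS 0x0001u
#define CHG_TTL 0x0002u
#define CHG_PT  0x0100u

struct hdr { uint8_t tos, ttl, pt; };

/* Bitmask of every field that differs between two headers. */
static unsigned changed_fields(const struct hdr *a, const struct hdr *b)
{
    unsigned m = 0;
    if (a->tos != b->tos) m |= CHG_TOS;
    if (a->ttl != b->ttl) m |= CHG_TTL;
    if (a->pt  != b->pt)  m |= CHG_PT;
    return m;
}

/* Flawed pattern: returns the masked bits, and the caller keeps them in
 * an 8-bit variable, so CHG_PT (0x0100) is truncated to 0. */
static unsigned is_changed_mask(const struct hdr *a, const struct hdr *b, unsigned f)
{
    return changed_fields(a, b) & f;
}

static uint8_t caller_flawed(const struct hdr *a, const struct hdr *b, unsigned f)
{
    uint8_t changed = (uint8_t)is_changed_mask(a, b, f);
    return changed;
}

/* Corrected pattern: collapse to a boolean before the value is stored
 * anywhere narrower than the mask. */
static bool is_changed_bool(const struct hdr *a, const struct hdr *b, unsigned f)
{
    return (changed_fields(a, b) & f) != 0;
}

int main(void)
{
    const struct hdr prev = { 0, 64, 14 }, cur = { 0, 64, 96 }; /* constructed */
    printf("flawed: %u, fixed: %d\n", caller_flawed(&prev, &cur, CHG_PT),
           is_changed_bool(&prev, &cur, CHG_PT));
    return 0;
}
```

Compiling with `-Wconversion` flags the narrowing assignment when the explicit cast in `caller_flawed()` is removed, which is a cheap way to catch this class of bug in review.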

Didier Barvaux (didier-barvaux) wrote :

Fix committed in branch 1.3.x, see http://bazaar.launchpad.net/~didier-barvaux/rohc/1.3.x/revision/137. Scheduled for release 1.2.2.

The fix is the same as the one for branch 1.2.x. The new non-regression test was adapted to be run within "make check".

The bug was fixed on the 1.3.x branch because it does not affect the compatibility with previous 1.3.x releases.

Didier Barvaux (didier-barvaux) wrote :

Erratum: the fix committed in branch 1.3.x is scheduled for release 1.3.1, not 1.2.2.

Didier Barvaux (didier-barvaux) wrote :

Fix committed in trunk, see http://bazaar.launchpad.net/~didier-barvaux/rohc/main/revision/142. Scheduled for release 1.4.0.

The fix is the same as the one for branch 1.3.x. Some debug traces that helped a lot during bug analysis and fix were also committed.

Didier Barvaux (didier-barvaux) wrote :

Fix released in version 1.3.1.

Didier Barvaux (didier-barvaux) wrote :

Fix released in version 1.2.2.
