From 50a7e128f88cab897029ac0a02746e00d89a3c41 Mon Sep 17 00:00:00 2001
From: Mohamed Chibani <mohamed.chibani@savoirfairelinux.com>
Date: Tue, 16 Nov 2021 09:08:40 -0500
Subject: [PATCH] ice transport - fix illegal memory access

Check the size of the vector holding the default remote addresses
before using it.

Gitlab: #573

Change-Id: I21fcd7aae97a4ac2c28cc1cf64cbdde0bf73ff8c
---
 src/ice_transport.cpp | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/ice_transport.cpp b/src/ice_transport.cpp
index 060311c13d..cd7cdca7d2 100644
--- a/src/ice_transport.cpp
+++ b/src/ice_transport.cpp
@@ -129,7 +129,7 @@ public:
     // Generate server reflexive candidates using UPNP mappings.
     std::vector<std::pair<IpAddr, IpAddr>> setupUpnpReflexiveCandidates();
     void setDefaultRemoteAddress(unsigned comp_id, const IpAddr& addr);
-    const IpAddr getDefaultRemoteAddress(unsigned comp_id) const;
+    IpAddr getDefaultRemoteAddress(unsigned comp_id) const;
     bool handleEvents(unsigned max_msec);
     int flushTimerHeapAndIoQueue();
     int checkEventQueue(int maxEventToPoll);
@@ -528,9 +528,6 @@ IceTransport::Impl::initIceInstance(const IceTransportOptions& options)
             handleEvents(HANDLE_EVENT_DURATION);
         }
     });
-
-    // Init to invalid addresses
-    iceDefaultRemoteAddr_.reserve(compCount_);
 }
 
 bool
@@ -1084,12 +1081,13 @@ IceTransport::Impl::setDefaultRemoteAddress(unsigned compId, const IpAddr& addr)
     iceDefaultRemoteAddr_[compId - 1].setPort(0);
 }
 
-const IpAddr
+IpAddr
 IceTransport::Impl::getDefaultRemoteAddress(unsigned compId) const
 {
     ASSERT_COMP_ID(compId, compCount_);
-
-    return iceDefaultRemoteAddr_[compId - 1];
+    if (compId < iceDefaultRemoteAddr_.size())
+        return iceDefaultRemoteAddr_[compId - 1];
+    return {};
 }
 
 void
@@ -1379,9 +1377,8 @@ IceTransport::getRemoteAddress(unsigned comp_id) const
     // Note that the default remote addresses are the addresses
     // set in the 'c=' and 'a=rtcp' lines of the received SDP.
     // See pj_ice_strans_sendto2() for more details.
-
-    if (pimpl_->getDefaultRemoteAddress(comp_id)) {
-        return pimpl_->getDefaultRemoteAddress(comp_id);
+    if (auto defaultAddr = pimpl_->getDefaultRemoteAddress(comp_id)) {
+        return defaultAddr;
     }
 
     return pimpl_->getRemoteAddress(comp_id);
-- 
GitLab