[jitsi-dev] FMJ - Where is the source? (and a couple of bugs..)


#1

The FMJ project doesn't seem to have had a check in for ~5 years, but I see
an updated FMJ.jar has been checked into the jitsi code base several times.
Where is the updated source kept?

I ask, because I think I've spotted a couple of bugs in the FMJ code.

First, a fairly benign one.

The RTCPHeader constructor includes the code

    } else if (getLength() > length) {
        throw new IOException("Invalid Length");
    }

This doesn't do what it's meant to, since the passed-in length is in bytes
and the value returned by getLength() is in 32-bit words minus one.

From the RTCP RFC (RFC3550 s6.4):

    length: 16 bits
      The length of this RTCP packet in 32-bit words minus one,
      including the header and any padding. (The offset of one makes
      zero a valid length and avoids a possible infinite loop in
      scanning a compound RTCP packet, while counting 32-bit words
      avoids a validity check for a multiple of 4.)

The other bug is actually causing me problems. The RTCPReport constructor
includes this

    } else if (((header.getLength() + 1) * 4) >= length) {
        throw new IOException("Invalid Length");
    }

This throws an exception when the length passed in (in bytes) is equal to
the length of the packet as reported by the header! This is clearly wrong!

Tom
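
The two length checks discussed in the post above, written so that bytes are compared with bytes and an exact-fit packet is accepted. This is an added example, not FMJ's code and not part of the original post; the class `RtcpLengthCheck` and its method names are hypothetical, and the sample packets are constructed.

```java
import java.io.IOException;
// Added example, not FMJ code; class and method names are hypothetical.
public class RtcpLengthCheck {
    // RFC 3550 length field: 32-bit words minus one, header and padding included.
    static int packetBytes(int lengthField) {
        return (lengthField + 1) * 4;
    }

    // Validates the RTCP packet at buf[offset] given `available` bytes from
    // offset onward, and returns the packet's size in bytes.
    static int validate(byte[] buf, int offset, int available) throws IOException {
        if (offset < 0 || available < 4 || offset > buf.length - available) {
            throw new IOException("Truncated RTCP header");
        }
        if (((buf[offset] & 0xC0) >>> 6) != 2) throw new IOException("Invalid Version");
        int lengthField = ((buf[offset + 2] & 0xFF) << 8) | (buf[offset + 3] & 0xFF);
        int size = packetBytes(lengthField);
        // Bytes compared with bytes; an exact fit (size == available) is valid.
        if (size > available) {
            throw new IOException("Invalid Length");
        }
        return size;
    }

    // Walks a compound RTCP packet; size >= 4 guarantees the loop advances.
    static int countPackets(byte[] buf, int length) throws IOException {
        int offset = 0, count = 0;
        while (offset < length) {
            offset += validate(buf, offset, length - offset);
            count++;
        }
        return count;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: empty Receiver Report (PT=201), length field 1 = 8 bytes.
        byte[] rr = {(byte) 0x80, (byte) 201, 0, 1, 0x12, 0x34, 0x56, 0x78};
        System.out.println("exact fit: " + validate(rr, 0, rr.length) + " bytes, "
                + countPackets(rr, rr.length) + " packet(s)");
        // Constructed bad header: claims 16 bytes in an 8-byte buffer. Comparing
        // the raw field with bytes (3 > 8) would let it through.
        byte[] lying = rr.clone();
        lying[3] = 3;
        try {
            validate(lying, 0, lying.length);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```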


#2

> The FMJ project doesn't seem to have had a check in for ~5 years, but I
> see an updated FMJ.jar has been checked into the jitsi code base several
> times. Where is the updated source kept?

It's all on SourceForge:

http://fmj.cvs.sourceforge.net/viewvc/fmj/fmj

It's just that CVS does not seem to present latest changes the same way
as SVN for example, so they are not all that clearly visible.

Statistics are available here though:

http://sourceforge.net/projects/fmj/stats/scm?repo=CVSRepository

> I ask, because I think I've spotted a couple of bugs in the FMJ code.
>
> First, a fairly benign one.
>
> The RTCPHeader constructor includes the code
>
>     } else if (getLength() > length) {
>         throw new IOException("Invalid Length");
>     }
>
> This doesn't do what it's meant to, since the passed-in length is in
> bytes and the value returned by getLength() is in 32-bit words minus one.
>
> From the RTCP RFC (RFC3550 s6.4):
>
>     length: 16 bits
>       The length of this RTCP packet in 32-bit words minus one,
>       including the header and any padding. (The offset of one makes
>       zero a valid length and avoids a possible infinite loop in
>       scanning a compound RTCP packet, while counting 32-bit words
>       avoids a validity check for a multiple of 4.)
>
> The other bug is actually causing me problems. The RTCPReport
> constructor includes this
>
>     } else if (((header.getLength() + 1) * 4) >= length) {
>         throw new IOException("Invalid Length");
>     }
>
> This throws an exception when the length passed in (in bytes) is equal
> to the length of the packet as reported by the header! This is clearly wrong!

Are these also present with the latest code? We've done a lot of changes
on RTP.

Emil


On 08.08.12, 16:59, Tom Denham wrote: