diff options
| -rw-r--r-- | sdpd/request.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sdpd/request.c b/sdpd/request.c index 20e68b62..5e3c715f 100644 --- a/sdpd/request.c +++ b/sdpd/request.c @@ -179,7 +179,10 @@ static sdp_cont_state_t *sdp_cstate_get(uint8_t *buffer) pdata += sizeof(uint8_t); if (cStateSize != 0) { - sdp_cont_state_t *cstate = (sdp_cont_state_t *)pdata; + sdp_cont_state_t *cstate = malloc(sizeof(sdp_cont_state_t)); + if (!cstate) + return NULL; + memcpy(cstate, (sdp_cont_state_t *)pdata, sizeof(sdp_cont_state_t)); debug("Cstate TS : 0x%lx", cstate->timestamp); debug("Bytes sent : %d", cstate->cStateValue.maxBytesSent); return cstate; @@ -408,6 +411,8 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf) } done: + if (cstate) + free(cstate); if (pattern) sdp_list_free(pattern, free); @@ -593,6 +598,8 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf) buf->buf_size += sizeof(uint16_t); done: + if (cstate) + free(cstate); if (seq) sdp_list_free(seq, free); if (status) @@ -754,6 +761,8 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf) } done: + if (cstate) + free(cstate); if (tmpbuf.data) free(tmpbuf.data); if (pattern) |