Array out of bounds access when Produce() is called using the last codec in Device's caps array

**Scenario**: 
Load a device with 3 codec caps: opus, pcma, pcmu.
Create a SendTransport & then call `Produce` restricting the `codec` by forcing pcmu.
In **ortc.cpp**  `reduceCodecs` will check the Device caps array, it will get to pcmu which is the third and last element (idx == 2), and call  `isRtxCodec` on it.
```
if (matchCodecs(codecs[idx], const_cast<json&>(*capCodec)))
{
    filteredCodecs.push_back(codecs[idx]);
    
    if (isRtxCodec(codecs[idx + 1]))
	    filteredCodecs.push_back(codecs[idx + 1]);
    
    break;
}
```
This will effectively force nlohmann::json object to do an **out-of-bounds access**. The library guards against this by adding a null object to the end of the array:.
<img width="862" alt="image" src="https://github.com/versatica/libmediasoupclient/assets/16880567/8e940b65-e245-4778-a254-2dbf633dce38">

This will throw further down the line when `matchCodecs`tries to match the mimeType and it's looking for a string type not an obj type.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Array out of bounds access when Produce() is called using the last codec in Device's caps array #177

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Array out of bounds access when Produce() is called using the last codec in Device's caps array #177

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions