fix many buffer overflows again (previous attempt was not sufficent)

8f0f1635 · Simon Morlat · 376409db · 8f0f1635 · 8f0f1635 · 8f0f1635
Commit 8f0f1635 authored May 03, 2013 by Simon Morlat
7 changed files
--- a/src/belle_sdp_impl.c
+++ b/src/belle_sdp_impl.c
@@ -43,15 +43,14 @@ int belle_sdp_attribute_marshal(belle_sdp_attribute_t* attribute, char* buff,uns
 								,buff_size-current_offset
 								,"a=%s"
 								,attribute->name);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;
 	if (attribute->value) {
 		current_offset+=snprintf(	buff+current_offset
 									,buff_size-current_offset
 									,":%s"
 									,attribute->value);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 	}
-end:
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(attribute,belle_sip_object)
@@ -90,7 +89,7 @@ int belle_sdp_bandwidth_marshal(belle_sdp_bandwidth_t* bandwidth, char* buff,uns
 								,buff_size-current_offset
 								,"b=%s:%i"
 								,bandwidth->type,bandwidth->value);
-
+	if (current_offset>=buff_size) return buff_size-offset;
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(bandwidth,belle_sip_object)
@@ -128,6 +127,7 @@ int belle_sdp_connection_marshal(belle_sdp_connection_t* connection, char* buff,
 								,connection->network_type
 								,connection->address_type
 								,connection->address);
+	if (current_offset>=buff_size) return buff_size-offset;
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(connection,belle_sip_object)
@@ -163,6 +163,7 @@ int belle_sdp_email_marshal(belle_sdp_email_t* email, char* buff,unsigned int of
 								,buff_size-current_offset
 								,"e=%s"
 								,email->value);
+	if (current_offset>=buff_size) return buff_size-offset; 
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(email,belle_sip_object)
@@ -189,6 +190,7 @@ int belle_sdp_info_marshal(belle_sdp_info_t* info, char* buff,unsigned int offse
 								,buff_size-current_offset
 								,"i=%s"
 								,info->value);
+	if (current_offset>=buff_size) return buff_size-offset; 
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(info,belle_sip_object)
@@ -237,27 +239,26 @@ int belle_sdp_media_marshal(belle_sdp_media_t* media, char* buff,unsigned int of
 								,media->media_type
 								,media->media_port
 								);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset; 
 	if (media->port_count>1) {
 		current_offset+=snprintf(buff+current_offset
 								,buff_size-current_offset
 								,"/%i"
 								,media->port_count);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 	}
 	current_offset+=snprintf(	buff+current_offset
 								,buff_size-current_offset
 								," %s"
 								,media->protocol);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset; 
 	for(;list!=NULL;list=list->next){
 		current_offset+=snprintf(	buff+current_offset
 									,buff_size-current_offset
 									," %li"
 									,(long)list->data);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 	}
-end:
 	return current_offset-offset;
 }
 BELLE_SDP_NEW_WITH_CTR(media,belle_sip_object)
@@ -319,27 +320,26 @@ int belle_sdp_base_description_marshal(belle_sdp_base_description_t* base_descri
 //	belle_sip_list_t* attributes;
 	if (base_description->info) {
 		current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(base_description->info),buff,current_offset,buff_size);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 		current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 	}
 	if (base_description->connection) {
 		current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(base_description->connection),buff,current_offset,buff_size);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 		current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 	}
 	for(bandwidths=base_description->bandwidths;bandwidths!=NULL;bandwidths=bandwidths->next){
 		current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(bandwidths->data),buff,current_offset,buff_size);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 		current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 	}
 //	for(attributes=base_description->attributes;attributes!=NULL;attributes=attributes->next){
 //		current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(attributes->data),buff,current_offset,buff_size);
 //		current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
 //	}
-end:
 	return current_offset-offset;
 }

@@ -461,22 +461,23 @@ void belle_sdp_media_description_clone(belle_sdp_media_description_t *media_desc
 int belle_sdp_media_description_marshal(belle_sdp_media_description_t* media_description, char* buff,unsigned int offset,unsigned int buff_size) {
 	unsigned int current_offset=offset;
 	belle_sip_list_t* attributes;
+	
 	current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(media_description->media),buff,current_offset,buff_size);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset; 
 	current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset; 
 	current_offset+=belle_sdp_base_description_marshal(BELLE_SIP_CAST(media_description,belle_sdp_base_description_t),buff,current_offset,buff_size);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset; 

 	for(attributes=media_description->base_description.attributes;attributes!=NULL;attributes=attributes->next){
 		current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(attributes->data),buff,current_offset,buff_size);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 		current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset; 
 	}
-end:
 	return current_offset-offset;
 }
+
 BELLE_SDP_NEW(media_description,belle_sdp_base_description)
 belle_sdp_media_description_t* belle_sdp_media_description_create(const char* media_type
                         	 	 	 	 	 	 	 	 	 	 ,int media_port
@@ -831,6 +832,7 @@ int belle_sdp_origin_marshal(belle_sdp_origin_t* origin, char* buff,unsigned int
 									,origin->network_type
 									,origin->address_type
 									,origin->address);
+	if (current_offset>=buff_size) return buff_size-offset;
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(origin,belle_sip_object)
@@ -877,6 +879,7 @@ int belle_sdp_session_name_marshal(belle_sdp_session_name_t* session_name, char*
 								,buff_size-current_offset
 								,"s=%s"
 								,session_name->value);
+	if (current_offset>=buff_size) return buff_size-offset;
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(session_name,belle_sip_object)
@@ -951,44 +954,43 @@ int belle_sdp_session_description_marshal(belle_sdp_session_description_t* sessi
 	belle_sip_list_t* attributes;

 	current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(session_description->version),buff,current_offset,buff_size);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;
 	current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;

 	current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(session_description->origin),buff,current_offset,buff_size);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;
 	current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;

 	current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(session_description->session_name),buff,current_offset,buff_size);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;
 	current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;

 	current_offset+=belle_sdp_base_description_marshal((belle_sdp_base_description_t*)(&session_description->base_description),buff,current_offset,buff_size);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;
 	
 	current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "t=");
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;
 	for(times=session_description->times;times!=NULL;times=times->next){
 		current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(times->data),buff,current_offset,buff_size);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 		current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 	}

 	for(attributes=session_description->base_description.attributes;attributes!=NULL;attributes=attributes->next){
 		current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(attributes->data),buff,current_offset,buff_size);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 		current_offset+=snprintf(buff+current_offset, buff_size-current_offset, "\r\n");
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 	}

 	for(media_descriptions=session_description->media_descriptions;media_descriptions!=NULL;media_descriptions=media_descriptions->next){
 		current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(media_descriptions->data),buff,current_offset,buff_size);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 	}
-end:
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(session_description,belle_sdp_base_description)
@@ -1139,6 +1141,7 @@ int belle_sdp_time_marshal(belle_sdp_time_t* time, char* buff,unsigned int offse
 								,"%i %i"
 								,time->start
 								,time->stop);
+	if (current_offset>=buff_size) return buff_size-offset;
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(time,belle_sip_object)
@@ -1165,6 +1168,7 @@ void belle_sdp_time_description_clone(belle_sdp_time_description_t *time_descrip
 int belle_sdp_time_description_marshal(belle_sdp_time_description_t* time_description, char* buff,unsigned int offset,unsigned int buff_size) {
 	unsigned int current_offset=offset;
 	current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(time_description->time),buff,current_offset,buff_size);
+	if (current_offset>=buff_size) return buff_size-offset;
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(time_description,belle_sip_object)
@@ -1212,6 +1216,7 @@ int belle_sdp_version_marshal(belle_sdp_version_t* version, char* buff,unsigned
 								,buff_size-current_offset
 								,"v=%i"
 								,version->version);
+	if (current_offset>=buff_size) return buff_size-offset;
 	return current_offset-offset;
 }
 BELLE_SDP_NEW(version,belle_sip_object)

--- a/src/belle_sip_headers_impl.c
+++ b/src/belle_sip_headers_impl.c
@@ -127,7 +127,7 @@ int belle_sip_header_address_marshal(belle_sip_header_address_t* header, char* b
 	current_offset+=belle_sip_parameters_marshal(&header->base,buff,current_offset,buff_size);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }

 BELLE_SIP_NEW_HEADER(header_address,parameters,"header_address")
@@ -184,7 +184,7 @@ int belle_sip_header_allow_marshal(belle_sip_header_allow_t* allow, char* buff,u
 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%s",allow->method);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);

 }
 BELLE_SIP_NEW_HEADER(header_allow,header,"Allow")
@@ -222,7 +222,7 @@ int belle_sip_header_contact_marshal(belle_sip_header_contact_t* contact, char*
 	}
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 BELLE_SIP_NEW_HEADER(header_contact,header_address,BELLE_SIP_CONTACT)
 BELLE_SIP_PARSE(header_contact)
@@ -275,7 +275,7 @@ unsigned int belle_sip_header_contact_not_equals(const belle_sip_header_contact_
 		current_offset+=belle_sip_header_address_marshal(&header->address, buff,current_offset, buff_size); \
 		if (current_offset>=buff_size) goto end;\
 		end:\
-		return current_offset-offset;
+		return MIN(current_offset-offset,buff_size-offset);

 struct _belle_sip_header_from  {
 	belle_sip_header_address_t address;
@@ -409,7 +409,7 @@ int belle_sip_header_user_agent_marshal(belle_sip_header_user_agent_t* user_agen
 		if (current_offset>=buff_size) goto end;
 	}
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);

 }
 BELLE_SIP_NEW_HEADER(header_user_agent,header,"User-Agent")
@@ -504,7 +504,7 @@ int belle_sip_header_via_marshal(belle_sip_header_via_t* via, char* buff,unsigne
 	if (current_offset>=buff_size) goto end;
 	
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }

 belle_sip_header_via_t* belle_sip_header_via_create(const char *host, int port, const char *transport, const char *branch){
@@ -604,7 +604,7 @@ int belle_sip_header_call_id_marshal(belle_sip_header_call_id_t* call_id, char*
 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%s",call_id->call_id);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 unsigned int belle_sip_header_call_id_equals(const belle_sip_header_call_id_t* a,const belle_sip_header_call_id_t* b) {
 	return strcasecmp(a->call_id,b->call_id) == 0;
@@ -637,7 +637,7 @@ int belle_sip_header_cseq_marshal(belle_sip_header_cseq_t* cseq, char* buff,unsi
 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%i %s",cseq->seq_number,cseq->method);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 belle_sip_header_cseq_t * belle_sip_header_cseq_create(unsigned int number, const char *method){
 	belle_sip_header_cseq_t *cseq=belle_sip_header_cseq_new();
@@ -678,7 +678,7 @@ int belle_sip_header_content_type_marshal(belle_sip_header_content_type_t* conte
 	if (current_offset>=buff_size) goto end;
 	
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 BELLE_SIP_NEW_HEADER(header_content_type,parameters,BELLE_SIP_CONTENT_TYPE)
 BELLE_SIP_PARSE(header_content_type)
@@ -776,7 +776,7 @@ int belle_sip_header_content_length_marshal(belle_sip_header_content_length_t* c
 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%i",content_length->content_length);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 BELLE_SIP_NEW_HEADER(header_content_length,header,BELLE_SIP_CONTENT_LENGTH)
 BELLE_SIP_PARSE(header_content_length)
@@ -811,7 +811,7 @@ int belle_sip_header_expires_marshal(belle_sip_header_expires_t* expires, char*
 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%i",expires->expires);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 BELLE_SIP_NEW_HEADER(header_expires,header,BELLE_SIP_EXPIRES)
 BELLE_SIP_PARSE(header_expires)
@@ -844,7 +844,7 @@ int belle_sip_header_extension_marshal(belle_sip_header_extension_t* extension,
 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%s",extension->value);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);

 }
 BELLE_SIP_NEW_HEADER(header_extension,header,NULL)
@@ -1045,7 +1045,7 @@ int belle_sip_header_authorization_marshal(belle_sip_header_authorization_t* aut
 		if (current_offset>=buff_size) goto end;
 	}
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 BELLE_SIP_NEW_HEADER(header_authorization,parameters,BELLE_SIP_AUTHORIZATION)
 BELLE_SIP_PARSE(header_authorization)
@@ -1143,7 +1143,7 @@ int belle_sip_header_www_authenticate_marshal(belle_sip_header_www_authenticate_
 		border=", ";
 	}
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 #define SET_ADD_STRING_LIST(header,name) \
 void header##_set_##name(header##_t* obj, belle_sip_list_t*  value) {\
@@ -1219,7 +1219,7 @@ int belle_sip_header_max_forwards_marshal(belle_sip_header_max_forwards_t* max_f
 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%i",max_forwards->max_forwards);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 BELLE_SIP_NEW_HEADER(header_max_forwards,header,"Max-Forwards")
 BELLE_SIP_PARSE(header_max_forwards)
@@ -1254,7 +1254,7 @@ int belle_sip_header_subscription_state_marshal(belle_sip_header_subscription_st
 	current_offset+=belle_sip_parameters_marshal(BELLE_SIP_PARAMETERS(subscription_state), buff,current_offset, buff_size);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 BELLE_SIP_NEW_HEADER(header_subscription_state,parameters,BELLE_SIP_SUBSCRIPTION_STATE)
 BELLE_SIP_PARSE(header_subscription_state)
@@ -1329,7 +1329,7 @@ int belle_sip_header_replaces_marshal(belle_sip_header_replaces_t* replaces, cha
 	current_offset+=belle_sip_parameters_marshal(BELLE_SIP_PARAMETERS(replaces), buff,current_offset, buff_size);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 BELLE_SIP_NEW_HEADER(header_replaces,parameters,BELLE_SIP_REPLACES)
 BELLE_SIP_PARSE(header_replaces)
@@ -1401,7 +1401,7 @@ int belle_sip_header_date_marshal(belle_sip_header_date_t* obj, char* buff,unsig
 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%s",obj->date);
 	if (current_offset>=buff_size) goto end;
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }

 BELLE_SIP_NEW_HEADER(header_date,header,BELLE_SIP_DATE)

--- a/src/belle_sip_object.c
+++ b/src/belle_sip_object.c
@@ -259,11 +259,46 @@ const char* belle_sip_object_get_name(belle_sip_object_t* object) {
 	return object->name;
 }

+/*turn this to 1 if you feel a marshal method is buggy.*/
+#define CHECKED_MARSHAL 0
+
+#if CHECKED_MARSHAL
+
+static int checked_marshal(belle_sip_object_vptr_t *vptr, belle_sip_object_t* obj, char* buff,unsigned int offset,size_t buff_size){
+	int tmp_buf_size=buff_size*2;
+	char *p=(char*)belle_sip_malloc0(tmp_buf_size);
+	int i;
+	int ret=vptr->marshal(obj,p,offset,buff_size);
+	int written;
+	
+	for (i=offset;i<buff_size;++i){
+		if (p[i]=='\0') break;
+	}
+	written=i-offset;
+	if (written>(buff_size-offset)){
+		belle_sip_fatal("Object of type %s commited a buffer overflow by marshalling %i bytes ",
+			vptr->type_name,written);
+	}
+	if (written!=ret && written!=(buff_size-offset-1)){ /*this is because snprintf won't allow you to write a non null character at the end of the buffer*/
+		belle_sip_fatal("Object of type %s marshalled %i bytes but said it marshalled %i bytes !",
+			vptr->type_name,written,ret);
+	}
+	memcpy(buff+offset,p+offset,ret);
+	belle_sip_free(p);
+	return ret;
+}
+
+#endif
+
 int belle_sip_object_marshal(belle_sip_object_t* obj, char* buff,unsigned int offset,size_t buff_size) {
 	belle_sip_object_vptr_t *vptr=obj->vptr;
 	while (vptr != NULL) {
 		if (vptr->marshal != NULL) {
+#if CHECKED_MARSHAL
+			return checked_marshal(vptr,obj,buff,offset,buff_size);
+#else
 			return vptr->marshal(obj,buff,offset,buff_size);
+#endif
 		} else {
 			vptr=vptr->parent;
 		}
@@ -286,6 +321,12 @@ static char * belle_sip_object_to_alloc_string(belle_sip_object_t *obj, int size
 	return buf;
 }

+static int get_hint_size(int size){
+	if (size<128)
+		return 128;
+	return size;
+}
+
 char* belle_sip_object_to_string(void* _obj) {
 	belle_sip_object_t *obj=BELLE_SIP_OBJECT(_obj);
 	if (obj->vptr->tostring_bufsize_hint!=0){
@@ -295,10 +336,10 @@ char* belle_sip_object_to_string(void* _obj) {
 		int size = belle_sip_object_marshal(obj,buff,0,sizeof(buff));
 		if (size>=sizeof(buff)-1){
 			belle_sip_message("belle_sip_object_to_string(): temporary buffer is too short while doing to_string() for %s, retrying", obj->vptr->type_name);
-			return belle_sip_object_to_alloc_string(obj,2*size);
+			return belle_sip_object_to_alloc_string(obj,get_hint_size(2*size));
 		}
 		buff[size]='\0';
-		obj->vptr->tostring_bufsize_hint=2*size;
+		obj->vptr->tostring_bufsize_hint=get_hint_size(2*size);
 		return belle_sip_strdup(buff);
 	}
 }

--- a/src/belle_sip_parameters.c
+++ b/src/belle_sip_parameters.c
@@ -51,9 +51,8 @@ int belle_sip_parameters_marshal(const belle_sip_parameters_t* params, char* buf
 		} else {
 			current_offset+=snprintf(buff+current_offset,buff_size-current_offset,";%s",container->name);
 		}
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 	}
-end:
 	return current_offset-offset;
 }
 BELLE_SIP_NEW_HEADER(parameters,header,"parameters")

--- a/src/belle_sip_uri_impl.c
+++ b/src/belle_sip_uri_impl.c
@@ -74,13 +74,13 @@ int belle_sip_uri_marshal(const belle_sip_uri_t* uri, char* buff,unsigned int of
 	const belle_sip_list_t* list=belle_sip_parameters_get_parameters(uri->header_list);

 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%s:",uri->secure?"sips":"sip");
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;
 	
 	if (uri->user) {
 		char* escaped_username=belle_sip_to_escaped_string(uri->user);
 		current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%s@",escaped_username);
 		belle_sip_free(escaped_username);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 	}
 	if (uri->host) {
 		if (strchr(uri->host,':')) { /*ipv6*/
@@ -88,16 +88,16 @@ int belle_sip_uri_marshal(const belle_sip_uri_t* uri, char* buff,unsigned int of
 		} else {
 			current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%s",uri->host);
 		}
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 	} else {
 		belle_sip_warning("no host found in this uri");
 	}
 	if (uri->port>0) {
 		current_offset+=snprintf(buff+current_offset,buff_size-current_offset,":%i",uri->port);
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 	}
 	current_offset+=belle_sip_parameters_marshal(&uri->params,buff,current_offset,buff_size);
-	if (current_offset>=buff_size) goto end;
+	if (current_offset>=buff_size) return buff_size-offset;

 	for(;list!=NULL;list=list->next){
 		belle_sip_param_pair_t* container = list->data;
@@ -108,9 +108,8 @@ int belle_sip_uri_marshal(const belle_sip_uri_t* uri, char* buff,unsigned int of
 			//subsequent headers
 			current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"&%s=%s",container->name,container->value);
 		}
-		if (current_offset>=buff_size) goto end;
+		if (current_offset>=buff_size) return buff_size-offset;
 	}
-end:	
 	return current_offset-offset;
 }


--- a/src/message.c
+++ b/src/message.c
@@ -255,15 +255,13 @@ int belle_sip_headers_marshal(belle_sip_message_t *message, char* buff,unsigned
 				;header_list=header_list->next)	{
 			belle_sip_header_t *h=BELLE_SIP_HEADER(header_list->data);
 			current_offset+=belle_sip_object_marshal(BELLE_SIP_OBJECT(h),buff,current_offset,buff_size);
-			if (current_offset>=buff_size) goto end;
+			if (current_offset>=buff_size) return buff_size-offset;
 			current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%s","\r\n");
-			if (current_offset>=buff_size) goto end;
+			if (current_offset>=buff_size) return buff_size-offset;
 		}
 	}
 	current_offset+=snprintf(buff+current_offset,buff_size-current_offset,"%s","\r\n");
-	if (current_offset>=buff_size) goto end;
-	
-end:
+	if (current_offset>=buff_size) return buff_size-offset;
 	return current_offset-offset;
 }

@@ -301,7 +299,7 @@ int belle_sip_request_marshal(belle_sip_request_t* request, char* buff,unsigned
 		if (current_offset>=buff_size) goto end;
 	}
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }

 BELLE_SIP_NEW(request,message)
@@ -483,7 +481,7 @@ int belle_sip_response_marshal(belle_sip_response_t *resp, char* buff,unsigned i
 		if (current_offset>=buff_size) goto end;
 	}
 end:
-	return current_offset-offset;
+	return MIN(current_offset-offset,buff_size-offset);
 }
 BELLE_SIP_NEW(response,message);
 BELLE_SIP_PARSE(response)

--- a/tester/belle_sdp_tester.c
+++ b/tester/belle_sdp_tester.c
@@ -313,8 +313,7 @@ static void test_simple_session_description(void) {
 	return;
 }

-static void test_session_description(void) {
-	const char* l_src = "v=0\r\n"\
+static const char* big_sdp = "v=0\r\n"\
 						"o=jehan-mac 1239 1239 IN IP6 2a01:e35:1387:1020:6233:4bff:fe0b:5663\r\n"\
 						"s=SIP Talk\r\n"\
 						"c=IN IP4 192.168.0.18\r\n"\
@@ -336,6 +335,9 @@ static void test_session_description(void) {
 						"a=rtpmap:97 theora/90000\r\n"\
 						"a=rtpmap:98 H263-1998/90000\r\n"\
 						"a=fmtp:98 CIF=1;QCIF=1\r\n";
+
+static void test_session_description(void) {
+	const char* l_src = big_sdp;
 	belle_sdp_origin_t* l_origin;
 	belle_sdp_session_description_t* lTmp;
 	belle_sip_list_t* media_descriptions;
@@ -377,6 +379,31 @@ static void test_session_description(void) {
 	return;
 }

+static void test_overflow(void){
+	belle_sdp_session_description_t* sdp;
+	belle_sip_list_t *mds;
+	belle_sdp_media_description_t *vmd;
+	int i;
+	const int buffsize=1024;