mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-07-03 21:25:54 +00:00
Code Issues 1 Projects Releases Wiki Activity

rtpsession: Handle zero length feedback packets

Browse source 
https://bugzilla.gnome.org/show_bug.cgi?id=791074
This commit is contained in:
Haakon Sporsheim 2017-08-25 11:57:26 +02:00 committed by Tim-Philipp Müller
parent b4ca81591c
commit 3c0d006c03
2 changed files with 40 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
gst/rtpmanager/rtpsession.c
View file

@ -2709,20 +2709,31 @@ static void
rtp_session_process_feedback (RTPSession * sess, GstRTCPPacket * packet,
RTPPacketInfo * pinfo, GstClockTime current_time)
{
GstRTCPType type = gst_rtcp_packet_get_type (packet);
GstRTCPFBType fbtype = gst_rtcp_packet_fb_get_type (packet);
guint32 sender_ssrc = gst_rtcp_packet_fb_get_sender_ssrc (packet);
guint32 media_ssrc = gst_rtcp_packet_fb_get_media_ssrc (packet);
guint8 *fci_data = gst_rtcp_packet_fb_get_fci (packet);
guint fci_length = 4 * gst_rtcp_packet_fb_get_fci_length (packet);
GstRTCPType type;
GstRTCPFBType fbtype;
guint32 sender_ssrc, media_ssrc;
guint8 *fci_data;
guint fci_length;
RTPSource *src;
/* The feedback packet must include both sender SSRC and media SSRC */
if (packet->length < 2)
return;
type = gst_rtcp_packet_get_type (packet);
fbtype = gst_rtcp_packet_fb_get_type (packet);
sender_ssrc = gst_rtcp_packet_fb_get_sender_ssrc (packet);
media_ssrc = gst_rtcp_packet_fb_get_media_ssrc (packet);
src = find_source (sess, media_ssrc);
/* skip non-bye packets for sources that are marked BYE */
if (sess->scheduled_bye && src && RTP_SOURCE_IS_MARKED_BYE (src))
return;
fci_data = gst_rtcp_packet_fb_get_fci (packet);
fci_length = gst_rtcp_packet_fb_get_fci_length (packet) * sizeof (guint32);
GST_DEBUG ("received feedback %d:%d from %08X about %08X with FCI of "
"length %d", type, fbtype, sender_ssrc, media_ssrc, fci_length);

23
tests/check/elements/rtpsession.c
View file

@ -683,6 +683,28 @@ GST_START_TEST (test_ignore_suspicious_bye)
GST_END_TEST;
GST_START_TEST (test_illegal_rtcp_fb_packet)
{
SessionHarness *h = session_harness_new ();
GstBuffer *buf;
/* Zero length RTCP feedback packet (reduced size) */
const guint8 rtcp_zero_fb_pkt[] = { 0x8f, 0xce, 0x00, 0x00 };
g_object_set (h->internal_session, "internal-ssrc", 0xDEADBEEF, NULL);
buf = gst_buffer_new_and_alloc (sizeof (rtcp_zero_fb_pkt));
gst_buffer_fill (buf, 0, rtcp_zero_fb_pkt, sizeof (rtcp_zero_fb_pkt));
GST_BUFFER_DTS (buf) = GST_BUFFER_PTS (buf) = G_GUINT64_CONSTANT (0);
/* Push the packet, this did previously crash because length of packet was
* never validated. */
fail_unless_equals_int (GST_FLOW_OK, session_harness_recv_rtcp (h, buf));
session_harness_free (h);
}
GST_END_TEST;
static Suite *
rtpsession_suite (void)
{
@ -697,6 +719,7 @@ rtpsession_suite (void)
tcase_add_test (tc_chain, test_dont_lock_on_stats);
tcase_add_test (tc_chain, test_ignore_suspicious_bye);
tcase_add_test (tc_chain, test_illegal_rtcp_fb_packet);
return s;
}