mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2025-01-23 07:38:16 +00:00
Code Issues 1 Projects Releases Wiki Activity

rtcpbuffer: do additional packet checks

Browse source 
Check the packet size and avoid crashing on malformed packets.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=655727
This commit is contained in:
Wim Taymans 2013-08-26 11:47:40 +02:00
parent b848f38215
commit ca1dac6982
1 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
gst-libs/gst/rtp/gstrtcpbuffer.c
View file

@ -799,6 +799,7 @@ gst_rtcp_packet_get_rb (GstRTCPPacket * packet, guint nth, guint32 * ssrc,
guint8 * fractionlost, gint32 * packetslost, guint32 * exthighestseq,
guint32 * jitter, guint32 * lsr, guint32 * dlsr)
{
guint offset;
guint8 *data;
guint32 tmp;
@ -807,18 +808,31 @@ gst_rtcp_packet_get_rb (GstRTCPPacket * packet, guint nth, guint32 * ssrc,
packet->type == GST_RTCP_TYPE_SR);
g_return_if_fail (packet->rtcp != NULL);
g_return_if_fail (packet->rtcp->map.flags & GST_MAP_READ);
g_return_if_fail (nth < packet->count);
data = packet->rtcp->map.data;
/* skip header */
data += packet->offset + 4;
/* get offset in 32-bits words into packet, skip the header */
if (packet->type == GST_RTCP_TYPE_RR)
data += 4;
offset = 2;
else
data += 24;
offset = 7;
/* move to requested index */
data += (nth * 24);
offset += (nth * 6);
/* check that we don't go past the packet length */
if (offset > packet->length)
return;
/* scale to bytes */
offset <<= 2;
offset += packet->offset;
/* check if the packet is valid */
if (offset + 24 > packet->rtcp->map.size)
return;
data = packet->rtcp->map.data;
data += offset;
if (ssrc)
*ssrc = GST_READ_UINT32_BE (data);