[FFmpeg-cvslog] rtmp: Prevent reading outside of an allocate buffer when receiving server bandwidth packets
Samuel Pitoiset
git at videolan.org
Sat Jul 28 00:10:40 CEST 2012
ffmpeg | branch: master | Samuel Pitoiset <samuel.pitoiset at gmail.com> | Thu Jul 26 14:05:18 2012 +0200| [2357f606876173a25acf3130868e374cc44c5f47] | committer: Martin Storsjö
rtmp: Prevent reading outside of an allocate buffer when receiving server bandwidth packets
Signed-off-by: Martin Storsjö <martin at martin.st>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2357f606876173a25acf3130868e374cc44c5f47
---
libavformat/rtmpproto.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index a2efe38..183afae 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -950,6 +950,13 @@ static int handle_server_bw(URLContext *s, RTMPPacket *pkt)
{
RTMPContext *rt = s->priv_data;
+ if (pkt->data_size < 4) {
+ av_log(s, AV_LOG_ERROR,
+ "Too short server bandwidth report packet (%d)\n",
+ pkt->data_size);
+ return AVERROR_INVALIDDATA;
+ }
+
rt->server_bw = AV_RB32(pkt->data);
if (rt->server_bw <= 0) {
av_log(s, AV_LOG_ERROR, "Incorrect server bandwidth %d\n",
More information about the ffmpeg-cvslog
mailing list