[FFmpeg-cvslog] rtmp: Do not misuse memcmp

Luca Barbato git at videolan.org
Mon Nov 4 18:19:06 CET 2013


ffmpeg | branch: release/0.10 | Luca Barbato <lu_zero at gentoo.org> | Thu Aug  8 19:44:19 2013 +0200| [a9ebc17b2dd5518730213c672dce714a7a50d8ca] | committer: Luca Barbato

rtmp: Do not misuse memcmp

CC: libav-stable at libav.org
(cherry picked from commit 5718e3487ba3b26aba341070be0b6b0b4de45ea3)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>

Conflicts:
	libavformat/rtmppkt.h
	libavformat/rtmpproto.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9ebc17b2dd5518730213c672dce714a7a50d8ca
---

 libavformat/rtmppkt.c   |   33 +++++++++++++++++++++++++++++++++
 libavformat/rtmppkt.h   |    7 +++++++
 libavformat/rtmpproto.c |    9 +++++----
 3 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/libavformat/rtmppkt.c b/libavformat/rtmppkt.c
index 750dd78..9ca4bf3 100644
--- a/libavformat/rtmppkt.c
+++ b/libavformat/rtmppkt.c
@@ -448,3 +448,36 @@ void ff_rtmp_packet_dump(void *ctx, RTMPPacket *p)
         av_log(ctx, AV_LOG_DEBUG, "\n");
     }
 }
+
+int ff_amf_match_string(const uint8_t *data, int size, const char *str)
+{
+    int len = strlen(str);
+    int amf_len, type;
+
+    if (size < 1)
+        return 0;
+
+    type = *data++;
+
+    if (type != AMF_DATA_TYPE_LONG_STRING &&
+        type != AMF_DATA_TYPE_STRING)
+        return 0;
+
+    if (type == AMF_DATA_TYPE_LONG_STRING) {
+        if ((size -= 4 + 1) < 0)
+            return 0;
+        amf_len = bytestream_get_be32(&data);
+    } else {
+        if ((size -= 2 + 1) < 0)
+            return 0;
+        amf_len = bytestream_get_be16(&data);
+    }
+
+    if (amf_len > size)
+        return 0;
+
+    if (amf_len != len)
+        return 0;
+
+    return !memcmp(data, str, len);
+}
diff --git a/libavformat/rtmppkt.h b/libavformat/rtmppkt.h
index 765ca2d..04eacf8 100644
--- a/libavformat/rtmppkt.h
+++ b/libavformat/rtmppkt.h
@@ -218,6 +218,13 @@ void ff_amf_write_field_name(uint8_t **dst, const char *str);
  */
 void ff_amf_write_object_end(uint8_t **dst);
 
+/**
+ * Match AMF string with a NULL-terminated string.
+ *
+ * @return 0 if the strings do not match.
+ */
+int ff_amf_match_string(const uint8_t *data, int size, const char *str);
+
 /** @} */ // AMF funcs
 
 #endif /* AVFORMAT_RTMPPKT_H */
diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index 9e2a7ab..8dc8f0a 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -588,14 +588,14 @@ static int rtmp_parse_result(URLContext *s, RTMPContext *rt, RTMPPacket *pkt)
         break;
     case RTMP_PT_INVOKE:
         //TODO: check for the messages sent for wrong state?
-        if (!memcmp(pkt->data, "\002\000\006_error", 9)) {
+        if (ff_amf_match_string(pkt->data, pkt->size, "_error")) {
             uint8_t tmpstr[256];
 
             if (!ff_amf_get_field_value(pkt->data + 9, data_end,
                                         "description", tmpstr, sizeof(tmpstr)))
                 av_log(s, AV_LOG_ERROR, "Server error: %s\n",tmpstr);
             return -1;
-        } else if (!memcmp(pkt->data, "\002\000\007_result", 10)) {
+        } else if (ff_amf_match_string(pkt->data, pkt->size, "_result")) {
             switch (rt->state) {
             case STATE_HANDSHAKED:
                 if (!rt->is_input) {
@@ -636,7 +636,7 @@ static int rtmp_parse_result(URLContext *s, RTMPContext *rt, RTMPPacket *pkt)
                 rt->state = STATE_READY;
                 break;
             }
-        } else if (!memcmp(pkt->data, "\002\000\010onStatus", 11)) {
+        } else if (ff_amf_match_string(pkt->data, pkt->size, "onStatus")) {
             const uint8_t* ptr = pkt->data + 11;
             uint8_t tmpstr[256];
 
@@ -724,7 +724,8 @@ static int get_packet(URLContext *s, int for_header)
             continue;
         }
         if (rpkt.type == RTMP_PT_VIDEO || rpkt.type == RTMP_PT_AUDIO ||
-           (rpkt.type == RTMP_PT_NOTIFY && !memcmp("\002\000\012onMetaData", rpkt.data, 13))) {
+           (rpkt.type == RTMP_PT_NOTIFY &&
+            ff_amf_match_string(rpkt.data, rpkt.size, "onMetaData"))) {
             ts = rpkt.timestamp;
 
             // generate packet header and put data into buffer for FLV demuxer



More information about the ffmpeg-cvslog mailing list