[FFmpeg-cvslog] rtmp: Do not misuse memcmp
Luca Barbato
git at videolan.org
Mon Nov 4 18:19:06 CET 2013
ffmpeg | branch: release/0.10 | Luca Barbato <lu_zero at gentoo.org> | Thu Aug 8 19:44:19 2013 +0200| [a9ebc17b2dd5518730213c672dce714a7a50d8ca] | committer: Luca Barbato
rtmp: Do not misuse memcmp
CC: libav-stable at libav.org
(cherry picked from commit 5718e3487ba3b26aba341070be0b6b0b4de45ea3)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
Conflicts:
libavformat/rtmppkt.h
libavformat/rtmpproto.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9ebc17b2dd5518730213c672dce714a7a50d8ca
---
libavformat/rtmppkt.c | 33 +++++++++++++++++++++++++++++++++
libavformat/rtmppkt.h | 7 +++++++
libavformat/rtmpproto.c | 9 +++++----
3 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/libavformat/rtmppkt.c b/libavformat/rtmppkt.c
index 750dd78..9ca4bf3 100644
--- a/libavformat/rtmppkt.c
+++ b/libavformat/rtmppkt.c
@@ -448,3 +448,36 @@ void ff_rtmp_packet_dump(void *ctx, RTMPPacket *p)
av_log(ctx, AV_LOG_DEBUG, "\n");
}
}
+
+int ff_amf_match_string(const uint8_t *data, int size, const char *str)
+{
+ int len = strlen(str);
+ int amf_len, type;
+
+ if (size < 1)
+ return 0;
+
+ type = *data++;
+
+ if (type != AMF_DATA_TYPE_LONG_STRING &&
+ type != AMF_DATA_TYPE_STRING)
+ return 0;
+
+ if (type == AMF_DATA_TYPE_LONG_STRING) {
+ if ((size -= 4 + 1) < 0)
+ return 0;
+ amf_len = bytestream_get_be32(&data);
+ } else {
+ if ((size -= 2 + 1) < 0)
+ return 0;
+ amf_len = bytestream_get_be16(&data);
+ }
+
+ if (amf_len > size)
+ return 0;
+
+ if (amf_len != len)
+ return 0;
+
+ return !memcmp(data, str, len);
+}
diff --git a/libavformat/rtmppkt.h b/libavformat/rtmppkt.h
index 765ca2d..04eacf8 100644
--- a/libavformat/rtmppkt.h
+++ b/libavformat/rtmppkt.h
@@ -218,6 +218,13 @@ void ff_amf_write_field_name(uint8_t **dst, const char *str);
*/
void ff_amf_write_object_end(uint8_t **dst);
+/**
+ * Match AMF string with a NULL-terminated string.
+ *
+ * @return 0 if the strings do not match.
+ */
+int ff_amf_match_string(const uint8_t *data, int size, const char *str);
+
/** @} */ // AMF funcs
#endif /* AVFORMAT_RTMPPKT_H */
diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index 9e2a7ab..8dc8f0a 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -588,14 +588,14 @@ static int rtmp_parse_result(URLContext *s, RTMPContext *rt, RTMPPacket *pkt)
break;
case RTMP_PT_INVOKE:
//TODO: check for the messages sent for wrong state?
- if (!memcmp(pkt->data, "\002\000\006_error", 9)) {
+ if (ff_amf_match_string(pkt->data, pkt->size, "_error")) {
uint8_t tmpstr[256];
if (!ff_amf_get_field_value(pkt->data + 9, data_end,
"description", tmpstr, sizeof(tmpstr)))
av_log(s, AV_LOG_ERROR, "Server error: %s\n",tmpstr);
return -1;
- } else if (!memcmp(pkt->data, "\002\000\007_result", 10)) {
+ } else if (ff_amf_match_string(pkt->data, pkt->size, "_result")) {
switch (rt->state) {
case STATE_HANDSHAKED:
if (!rt->is_input) {
@@ -636,7 +636,7 @@ static int rtmp_parse_result(URLContext *s, RTMPContext *rt, RTMPPacket *pkt)
rt->state = STATE_READY;
break;
}
- } else if (!memcmp(pkt->data, "\002\000\010onStatus", 11)) {
+ } else if (ff_amf_match_string(pkt->data, pkt->size, "onStatus")) {
const uint8_t* ptr = pkt->data + 11;
uint8_t tmpstr[256];
@@ -724,7 +724,8 @@ static int get_packet(URLContext *s, int for_header)
continue;
}
if (rpkt.type == RTMP_PT_VIDEO || rpkt.type == RTMP_PT_AUDIO ||
- (rpkt.type == RTMP_PT_NOTIFY && !memcmp("\002\000\012onMetaData", rpkt.data, 13))) {
+ (rpkt.type == RTMP_PT_NOTIFY &&
+ ff_amf_match_string(rpkt.data, rpkt.size, "onMetaData"))) {
ts = rpkt.timestamp;
// generate packet header and put data into buffer for FLV demuxer
More information about the ffmpeg-cvslog
mailing list