[FFmpeg-devel] [PATCH] RTSP-MS 4/15: blocksize detection

Ronald S. Bultje rsbultje
Tue Jan 6 17:15:30 CET 2009


Hi,

On Tue, Jan 6, 2009 at 10:18 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
> On Mon, Jan 05, 2009 at 11:57:24PM -0500, Ronald S. Bultje wrote:
>> attached patch parses the "Blocksize" field in the RTSP reply header
>> in response to each SETUP request (one per m= line in the SDP). This
>> is the maximum amount of data contained in a single RTP packet
>> transmitted by the server, and can be larger than
>> RTP_MAX_PACKET_LENGTH (it's one of those things where it's not 100%
>> RTP-compliant). I'm parsing it, taking the max Blocksize value and
>> then the max between this "max. blocksize value" and
>> RTP_MAX_PACKET_LENGTH to determine the buffer size for reading
>> individual RTP packets.
[..]
>> @@ -1299,7 +1305,7 @@
>>      RTSPState *rt = s->priv_data;
>>      RTSPStream *rtsp_st;
>>      int ret, len;
>> -    uint8_t buf[RTP_MAX_PACKET_LENGTH];
>> +    uint8_t buf[s->packet_size];
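Review bot: `uint8_t buf[s->packet_size];` turns the receive buffer into a variable-length stack array whose size comes from the Blocksize value in the server's SETUP reply, and nothing in this hunk puts an upper limit on it. Clamp packet_size where the header is parsed, or allocate the buffer on the heap and check the allocation, so that a large Blocksize from the server cannot run the stack out.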
>
> this might be exploitable
> packet_size can be set to an arbitrary large value, the stack is not
> that large ...

That's a good point, I will introduce a max. size
(RTP_MAX_PACKET_LENGTH*10 or so)? ASF usually has ~4kb blocksizes
(google it, you'll get a few random SETUP responses),
MAX_PACKET_LENGTH is 1.5 kb or so, 15kb should be more than enough.

Ronald
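
The cap discussed above, as an added example that is not part of the thread or of FFmpeg's code: the server-supplied Blocksize is clamped when it is parsed and the packet buffer comes from the heap rather than a stack array. The ex_ function names and both constants are assumptions (1500 and ten times that, following the "1.5 kb or so" and "*10 or so" in the message).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed values: the thread only says "1.5 kb or so" and "*10 or so". */
#define EX_RTP_MAX_PACKET_LENGTH 1500
#define EX_MAX_BLOCKSIZE (EX_RTP_MAX_PACKET_LENGTH * 10)

/* Fold one server-supplied Blocksize value into the running buffer size.
 * The result always lies in [EX_RTP_MAX_PACKET_LENGTH, EX_MAX_BLOCKSIZE]. */
static int ex_update_packet_size(int cur, const char *value)
{
    char *end;
    long v;

    if (cur < EX_RTP_MAX_PACKET_LENGTH) cur = EX_RTP_MAX_PACKET_LENGTH;
    if (cur > EX_MAX_BLOCKSIZE)         cur = EX_MAX_BLOCKSIZE;

    errno = 0;
    v = strtol(value, &end, 10);
    if (end == value || errno == ERANGE || v <= 0)
        return cur;                 /* malformed, overflowing or non-positive */
    if (v > EX_MAX_BLOCKSIZE)
        v = EX_MAX_BLOCKSIZE;       /* cap what the server can request */
    return v > cur ? (int)v : cur;
}

/* Heap buffer instead of a stack VLA; NULL on an out-of-range size or OOM. */
static uint8_t *ex_alloc_packet_buf(int size)
{
    if (size < EX_RTP_MAX_PACKET_LENGTH || size > EX_MAX_BLOCKSIZE)
        return NULL;
    return calloc(1, (size_t)size);
}

int main(void)
{
    /* Constructed Blocksize values, as if taken from three SETUP replies. */
    const char *replies[] = { "4096", "2147483647", "-1" };
    int size = 0;
    for (size_t i = 0; i < sizeof(replies) / sizeof(replies[0]); i++)
        size = ex_update_packet_size(size, replies[i]);
    uint8_t *buf = ex_alloc_packet_buf(size);
    printf("packet_size=%d buf=%s\n", size, buf ? "ok" : "NULL");
    free(buf);
    return buf ? 0 : 1;
}
```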



