[FFmpeg-devel] [PATCH] RTSP-MS 4/15: blocksize detection

Ronald S. Bultje rsbultje
Tue Jan 6 17:15:30 CET 2009


On Tue, Jan 6, 2009 at 10:18 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
> On Mon, Jan 05, 2009 at 11:57:24PM -0500, Ronald S. Bultje wrote:
>> attached patch parses the "Blocksize" field in the RTSP reply header
>> in response to each SETUP request (one per m= line in the SDP). This
>> is the maximum amount of data contained in a single RTP packet
>> transmitted by the server, and can be larger than
>> RTP_MAX_PACKET_LENGTH (it's one of those things where it's not 100%
>> RTP-compliant). I'm parsing it, taking the max Blocksize value and
>> then the max between this "max. blocksize value" and
>> RTP_MAX_PACKET_LENGTH to determine the buffer size for reading
>> individual RTP packets.
>> @@ -1299,7 +1305,7 @@
>>      RTSPState *rt = s->priv_data;
>>      RTSPStream *rtsp_st;
>>      int ret, len;
>> -    uint8_t buf[RTP_MAX_PACKET_LENGTH];
>> +    uint8_t buf[s->packet_size];
> this might be exploitable
> packet_size can be set to an arbitrary large value, the stack is not
> that large ...

That's a good point, I will introduce a max. size
(RTP_MAX_PACKET_LENGTH*10 or so)? ASF usually has ~4kb blocksizes
(google it, you'll get a few random SETUP responses),
MAX_PACKET_LENGTH is 1.5 kb or so, 15kb sould be more than enough.


More information about the ffmpeg-devel mailing list