[FFmpeg-devel] [PATCH] Add a RTP depacketizer for the X-Qt format

Martin Storsjö martin
Wed Oct 6 14:42:45 CEST 2010


On Wed, 6 Oct 2010, Ronald S. Bultje wrote:

> On Wed, Oct 6, 2010 at 3:56 AM, Martin Storsj? <martin at martin.st> wrote:
> > On Tue, 5 Oct 2010, Ronald S. Bultje wrote:
> >> On Tue, Oct 5, 2010 at 6:07 PM, Martin Storsj? <martin at martin.st> wrote:
> >> > Good catch. Checking if (alen <= 0) as the other switch case already does.
> >> [..]
> >> > + ? ? ? ?data_len = get_bits(&gb, 16);
> >> > +
> >> > + ? ? ? ?url_fseek(&pb, pos + 4, SEEK_SET);
> >> > + ? ? ? ?tag = get_le32(&pb);
> >> > + ? ? ? ?if ((st->codec->codec_type == CODEC_TYPE_VIDEO &&
> >> > + ? ? ? ? ? ? ? ? tag != MKTAG('v','i','d','e')) ||
> >> > + ? ? ? ? ? ?(st->codec->codec_type == CODEC_TYPE_AUDIO &&
> >> > + ? ? ? ? ? ? ? ? tag != MKTAG('s','o','u','n')))
> >> > + ? ? ? ? ? ?return AVERROR_INVALIDDATA;
> >> > + ? ? ? ?av_set_pts_info(st, 32, 1, get_be32(&pb));
> >> > +
> >> > + ? ? ? ?/* TLVs */
> >> > + ? ? ? ?while (url_ftell(&pb) < pos + data_len) {
> >>
> >> I wonder what happens if data_len is a random value (e.g. 0xFFFF) that
> >> is much bigger than the actual buffer size. It should probably be
> >> checked also to not exceed the input buffer size (len).
> >
> > Added boundary checks for this, and checking that the amount of data to
> > read in each block actually is available, and checking that the amount of
> > data left for the payload actually is positive.
> 
> I think this looks good. Feel free to apply.

Great, thanks! Applied.

// Martin



More information about the ffmpeg-devel mailing list