[FFmpeg-devel] [PATCH] Fix sdp size check on fmtp integer parameters
Michael Niedermayer
michael at niedermayer.cc
Mon Mar 18 22:47:44 EET 2019
On Mon, Mar 18, 2019 at 04:08:40PM +0100, Olivier Maignial wrote:
> RFC-4566 do not give any limit of size on interger parameters given in fmtp line.
> By reading some more RFCs it is possible to find examples where some integers parameters are greater than 32 (see RFC-6416, 7.4)
> ---
> libavformat/rtpdec_mpeg4.c | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
>
> diff --git a/libavformat/rtpdec_mpeg4.c b/libavformat/rtpdec_mpeg4.c
> index 994ab49..4b86f4a 100644
> --- a/libavformat/rtpdec_mpeg4.c
> +++ b/libavformat/rtpdec_mpeg4.c
> @@ -289,15 +289,24 @@ static int parse_fmtp(AVFormatContext *s,
> for (i = 0; attr_names[i].str; ++i) {
> if (!av_strcasecmp(attr, attr_names[i].str)) {
> if (attr_names[i].type == ATTR_NAME_TYPE_INT) {
> - int val = atoi(value);
> - if (val > 32) {
> + char * end_ptr = NULL;
> + long int val = strtol(value, &end_ptr, 10);
> + if (value[0] == '\n' || end_ptr[0] != '\0')
> + {
> av_log(s, AV_LOG_ERROR,
> - "The %s field size is invalid (%d)\n",
> + "The %s field value is not a number (%s)\n",
> + attr, value);
> + return AVERROR_INVALIDDATA;
> + }
> +
> + if (val > INT_MAX || val < INT_MIN) {
> + av_log(s, AV_LOG_ERROR,
> + "The %s field size is invalid (%ld)\n",
> attr, val);
> return AVERROR_INVALIDDATA;
> }
does this also work as intended if int is 64bit ? (it can be)
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20190318/d9a05229/attachment.sig>
More information about the ffmpeg-devel
mailing list