PR #23167 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23167 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23167.patch
Reported by Franciszek Kalinowski (isec.pl / striga.ai) and Bartosz Smigielski. >From dc53dc787e2cae8906b8097a5759bd48fb391ff0 Mon Sep 17 00:00:00 2001 From: Franciszek Kalinowski <[email protected]> Date: Tue, 19 May 2026 09:34:01 +0200 Subject: [PATCH] avformat/rtpenc_xiph: bail out when the max payload size underflows Reported by Franciszek Kalinowski (isec.pl / striga.ai) and Bartosz Smigielski. --- libavformat/rtpenc_xiph.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/rtpenc_xiph.c b/libavformat/rtpenc_xiph.c index 00c29a7d02..afea1eb79f 100644 --- a/libavformat/rtpenc_xiph.c +++ b/libavformat/rtpenc_xiph.c @@ -38,6 +38,10 @@ void ff_rtp_send_xiph(AVFormatContext *s1, const uint8_t *buff, int size) uint8_t *q; max_pkt_size = s->max_payload_size - 6; // ident+frag+tdt/vdt+pkt_num+pkt_length + if (max_pkt_size <= 0) { + av_log(s1, AV_LOG_ERROR, "Max payload size too small for Xiph RTP\n"); + return; + } // set xiph data type switch (*buff) { -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
