[libav-commits] rtmp: Prevent reading outside of an allocate buffer when receiving server bandwidth packets

Samuel Pitoiset Thu, 26 Jul 2012 13:05:47 -0700

Module: libav
Branch: master
Commit: 2357f606876173a25acf3130868e374cc44c5f47


Author:    Samuel Pitoiset <samuel.pitoi...@gmail.com>
Committer: Martin Storsjö <mar...@martin.st>
Date:      Thu Jul 26 14:05:18 2012 +0200

rtmp: Prevent reading outside of an allocate buffer when receiving server 
bandwidth packets

Signed-off-by: Martin Storsjö <mar...@martin.st>

---

 libavformat/rtmpproto.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index a2efe38..183afae 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -950,6 +950,13 @@ static int handle_server_bw(URLContext *s, RTMPPacket *pkt)
 {
     RTMPContext *rt = s->priv_data;
 
+    if (pkt->data_size < 4) {
+        av_log(s, AV_LOG_ERROR,
+               "Too short server bandwidth report packet (%d)\n",
+               pkt->data_size);
+        return AVERROR_INVALIDDATA;
+    }
+
     rt->server_bw = AV_RB32(pkt->data);
     if (rt->server_bw <= 0) {
         av_log(s, AV_LOG_ERROR, "Incorrect server bandwidth %d\n",

_______________________________________________
libav-commits mailing list
libav-commits@libav.org
https://lists.libav.org/mailman/listinfo/libav-commits

[libav-commits] rtmp: Prevent reading outside of an allocate buffer when receiving server bandwidth packets

Reply via email to