Module: libav Branch: master Commit: 2357f606876173a25acf3130868e374cc44c5f47
Author: Samuel Pitoiset <samuel.pitoi...@gmail.com>
Committer: Martin Storsjö <mar...@martin.st>
Date: Thu Jul 26 14:05:18 2012 +0200
rtmp: Prevent reading outside of an allocate buffer when receiving server bandwidth packets
Signed-off-by: Martin Storsjö <mar...@martin.st>
---
 libavformat/rtmpproto.c | 7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index a2efe38..183afae 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -950,6 +950,13 @@ static int handle_server_bw(URLContext *s, RTMPPacket *pkt)
 {
 RTMPContext *rt = s->priv_data;
+ if (pkt->data_size < 4) {
+ av_log(s, AV_LOG_ERROR,
+ "Too short server bandwidth report packet (%d)\n",
+ pkt->data_size);
+ return AVERROR_INVALIDDATA;
+ }
+
 rt->server_bw = AV_RB32(pkt->data);
 if (rt->server_bw <= 0) {
 av_log(s, AV_LOG_ERROR, "Incorrect server bandwidth %d\n",
_______________________________________________
libav-commits mailing list
libav-commits@libav.org
https://lists.libav.org/mailman/listinfo/libav-commits
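Review bot: The literal `4` in the new `pkt->data_size < 4` guard is silently tied to the width of the `AV_RB32(pkt->data)` read that follows it, and nothing in the code says so. A one-line comment above the check, such as `/* AV_RB32() below reads 4 bytes from pkt->data */`, would keep the bound and the read in step if either is changed later. The guard covers only handle_server_bw; any other handlers in rtmpproto.c that read fixed-size fields from `pkt->data` are not visible in this hunk, so it is worth confirming they validate `data_size` the same way. The function body continues past the end of the hunk.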