[FFmpeg-cvslog] avformat/rtmppkt: Check for packet size mismatches
Michael Niedermayer
git at videolan.org
Tue Dec 6 01:27:33 EET 2016
ffmpeg | branch: release/3.2 | Michael Niedermayer <michael at niedermayer.cc> | Mon Dec 5 11:14:51 2016 +0100| [32b95471a86ae383c0f76361d954aec511f7043a] | committer: Michael Niedermayer
avformat/rtmppkt: Check for packet size mismatches
Fixes out of array access
Found-by: Paul Cher <paulcher at icloud.com>
Reviewed-by: Paul Cher <paulcher at icloud.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7d57ca4d9a75562fa32e40766211de150f8b3ee7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=32b95471a86ae383c0f76361d954aec511f7043a
---
libavformat/rtmppkt.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libavformat/rtmppkt.c b/libavformat/rtmppkt.c
index 0d693c2..cde0da7 100644
--- a/libavformat/rtmppkt.c
+++ b/libavformat/rtmppkt.c
@@ -235,6 +235,14 @@ static int rtmp_packet_read_one_chunk(URLContext *h, RTMPPacket *p,
if (hdr != RTMP_PS_TWELVEBYTES)
timestamp += prev_pkt[channel_id].timestamp;
+ if (prev_pkt[channel_id].read && size != prev_pkt[channel_id].size) {
+ av_log(NULL, AV_LOG_ERROR, "RTMP packet size mismatch %d != %d\n",
+ size,
+ prev_pkt[channel_id].size);
+ ff_rtmp_packet_destroy(&prev_pkt[channel_id]);
+ prev_pkt[channel_id].read = 0;
+ }
+
if (!prev_pkt[channel_id].read) {
if ((ret = ff_rtmp_packet_create(p, channel_id, type, timestamp,
size)) < 0)
More information about the ffmpeg-cvslog
mailing list