From 07b77fe3871f86b87e35876d38f1969da5ece4b2 Mon Sep 17 00:00:00 2001
From: John Brooks <john.brooks@bluecherry.net>
Date: Wed, 12 Oct 2011 00:53:12 -0600
Subject: [PATCH] rtpdec: Read the packet length for all RTCP packet types
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This allows skipping past unsupported RTCP packet types, as
RFC 3550 section 6.1 mandates.
Currently this only has any practical effect if a sender puts
an unrecognized type before RTCP_BYE in a compounded packet, or
(incorrectly) does not put RTCP_SR first.
Signed-off-by: Martin Storsjö <martin@martin.st>
---
libavformat/rtpdec.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c
index 07f4cc35c53..0f6ed27ff6d 100644
--- a/libavformat/rtpdec.c
+++ b/libavformat/rtpdec.c
@@ -112,14 +112,15 @@ RTPDynamicProtocolHandler *ff_rtp_handler_find_by_id(int id,
static int rtcp_parse_packet(RTPDemuxContext *s, const unsigned char *buf, int len)
{
int payload_len;
- while (len >= 2) {
+ while (len >= 4) {
+ payload_len = FFMIN(len, (AV_RB16(buf + 2) + 1) * 4);
+
switch (buf[1]) {
case RTCP_SR:
- if (len < 20) {
+ if (payload_len < 20) {
av_log(NULL, AV_LOG_ERROR, "Invalid length for RTCP SR packet\n");
return AVERROR_INVALIDDATA;
}
- payload_len = (AV_RB16(buf + 2) + 1) * 4;
s->last_rtcp_ntp_time = AV_RB64(buf + 8);
s->last_rtcp_timestamp = AV_RB32(buf + 16);
@@ -130,14 +131,13 @@ static int rtcp_parse_packet(RTPDemuxContext *s, const unsigned char *buf, int l
s->rtcp_ts_offset = s->last_rtcp_timestamp - s->base_timestamp;
}
- buf += payload_len;
- len -= payload_len;
break;
case RTCP_BYE:
return -RTCP_BYE;
- default:
- return -1;
}
+
+ buf += payload_len;
+ len -= payload_len;
}
return -1;
}
--
GitLab