[FFmpeg-cvslog] rtmp: Prevent reading outside of an allocate buffer	when receiving server bandwidth packets
    Samuel Pitoiset 
    git at videolan.org
       
    Sat Jul 28 00:10:40 CEST 2012
    
    
  
ffmpeg | branch: master | Samuel Pitoiset <samuel.pitoiset at gmail.com> | Thu Jul 26 14:05:18 2012 +0200| [2357f606876173a25acf3130868e374cc44c5f47] | committer: Martin Storsjö
rtmp: Prevent reading outside of an allocate buffer when receiving server bandwidth packets
Signed-off-by: Martin Storsjö <martin at martin.st>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2357f606876173a25acf3130868e374cc44c5f47
---
 libavformat/rtmpproto.c |    7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index a2efe38..183afae 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -950,6 +950,13 @@ static int handle_server_bw(URLContext *s, RTMPPacket *pkt)
 {
     RTMPContext *rt = s->priv_data;
 
+    if (pkt->data_size < 4) {
+        av_log(s, AV_LOG_ERROR,
+               "Too short server bandwidth report packet (%d)\n",
+               pkt->data_size);
+        return AVERROR_INVALIDDATA;
+    }
+
     rt->server_bw = AV_RB32(pkt->data);
     if (rt->server_bw <= 0) {
         av_log(s, AV_LOG_ERROR, "Incorrect server bandwidth %d\n",
    
    
More information about the ffmpeg-cvslog
mailing list