[FFmpeg-devel] [PATCH] RTSP-MS 4/15: blocksize detection
Michael Niedermayer
michaelni
Tue Jan 6 16:18:26 CET 2009
On Mon, Jan 05, 2009 at 11:57:24PM -0500, Ronald S. Bultje wrote:
> Hi,
>
> attached patch parses the "Blocksize" field in the RTSP reply header
> in response to each SETUP request (one per m= line in the SDP). This
> is the maximum amount of data contained in a single RTP packet
> transmitted by the server, and can be larger than
> RTP_MAX_PACKET_LENGTH (it's one of those things where it's not 100%
> RTP-compliant). I'm parsing it, taking the max Blocksize value and
> then the max between this "max. blocksize value" and
> RTP_MAX_PACKET_LENGTH to determine the buffer size for reading
> individual RTP packets.
>
> Ronald
> Index: ffmpeg-svn/libavformat/rtsp.c
> ===================================================================
> --- ffmpeg-svn.orig/libavformat/rtsp.c 2009-01-05 19:58:10.000000000 -0500
> +++ ffmpeg-svn/libavformat/rtsp.c 2009-01-05 19:58:14.000000000 -0500
> @@ -691,6 +691,10 @@
> } else if (av_stristart(p, "Server:", &p)) {
> skip_spaces(&p);
> av_strlcpy(reply->server, p, sizeof(reply->server));
> + } else if (av_stristart(p, "Blocksize:", &p)) {
> + int blocksize = strtol(p, NULL, 10);
> + if (blocksize > reply->max_blocksize)
> + reply->max_blocksize = blocksize;
> }
> }
>
> @@ -1035,6 +1039,8 @@
> if (rt->server_type == RTSP_SERVER_REAL)
> rt->need_subscription = 1;
>
> + s->packet_size = FFMAX(reply->max_blocksize, RTP_MAX_PACKET_LENGTH);
> +
> return 0;
>
> fail:
> @@ -1299,7 +1305,7 @@
> RTSPState *rt = s->priv_data;
> RTSPStream *rtsp_st;
> int ret, len;
> - uint8_t buf[RTP_MAX_PACKET_LENGTH];
> + uint8_t buf[s->packet_size];
this might be exploitable
packet_size can be set to an arbitrary large value, the stack is not
that large ...
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Its not that you shouldnt use gotos but rather that you should write
readable code and code with gotos often but not always is less readable
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090106/4723de59/attachment.pgp>
More information about the ffmpeg-devel
mailing list