[FFmpeg-devel] [PATCH v2] Fix sdp size check on fmtp integer parameters
Olivier MAIGNIAL
olivier.maignial at smile.fr
Wed Apr 17 16:53:03 EEST 2019
Hello all
Just a reminder for this patch
On Mon, Apr 1, 2019 at 4:45 PM Olivier Maignial <olivier.maignial at smile.fr>
wrote:
> RFC-4566 do not give any limit of size on interger parameters given in
> fmtp line.
> By reading some more RFCs it is possible to find examples where some
> integers parameters are greater than 32 (see RFC-6416, 7.4)
>
> Instead I propose to check just check the eventual integer overflow.
> Using INT_MIN and INT_MAX ensure that it will work whatever the size of
> int given by compiler
>
> Signed-off-by: Olivier Maignial <olivier.maignial at smile.fr>
> ---
>
> Changes v1 -> v2:
> - Removed line break at end of 'if' line before brace
> - Added Signed-Off-By line
>
> libavformat/rtpdec_mpeg4.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/libavformat/rtpdec_mpeg4.c b/libavformat/rtpdec_mpeg4.c
> index 994ab49..14caa0a 100644
> --- a/libavformat/rtpdec_mpeg4.c
> +++ b/libavformat/rtpdec_mpeg4.c
> @@ -289,15 +289,23 @@ static int parse_fmtp(AVFormatContext *s,
> for (i = 0; attr_names[i].str; ++i) {
> if (!av_strcasecmp(attr, attr_names[i].str)) {
> if (attr_names[i].type == ATTR_NAME_TYPE_INT) {
> - int val = atoi(value);
> - if (val > 32) {
> + char *end_ptr = NULL;
> + long int val = strtol(value, &end_ptr, 10);
> + if (value[0] == '\n' || end_ptr[0] != '\0') {
> av_log(s, AV_LOG_ERROR,
> - "The %s field size is invalid (%d)\n",
> + "The %s field value is not a number
> (%s)\n",
> + attr, value);
> + return AVERROR_INVALIDDATA;
> + }
> +
> + if (val > INT_MAX || val < INT_MIN) {
> + av_log(s, AV_LOG_ERROR,
> + "The %s field size is invalid (%ld)\n",
> attr, val);
> return AVERROR_INVALIDDATA;
> }
> *(int *)((char *)data+
> - attr_names[i].offset) = val;
> + attr_names[i].offset) = (int) val;
> } else if (attr_names[i].type == ATTR_NAME_TYPE_STR) {
> char *val = av_strdup(value);
> if (!val)
> --
> 2.7.4
>
>
More information about the ffmpeg-devel
mailing list