[FFmpeg-devel] [PATCH] avformat/rtp: Pass sources and block filter addresses via sdp file for rtp

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Sat Mar 28 02:02:30 EET 2020


phunkyfish:
> ---
>  libavformat/rtsp.c | 49 ++++++++++++++++++++++++++++++++++++++--------
>  1 file changed, 41 insertions(+), 8 deletions(-)
> 
> diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
> index cd6fc32a29..d23ec5723e 100644
> --- a/libavformat/rtsp.c
> +++ b/libavformat/rtsp.c
> @@ -2447,8 +2447,8 @@ static int rtp_probe(const AVProbeData *p)
>  static int rtp_read_header(AVFormatContext *s)
>  {
>      uint8_t recvbuf[RTP_MAX_PACKET_LENGTH];
> -    char host[500], sdp[500];
> -    int ret, port;
> +    char host[500], sdp[1000], filters_buf[1000];
> +    int ret, port, sdp_length, nc;
>      URLContext* in = NULL;
>      int payload_type;
>      AVCodecParameters *par = NULL;
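
Review bot: sdp[1000] and filters_buf[1000] are sized with bare
literals, while recvbuf two lines above uses the named
RTP_MAX_PACKET_LENGTH. A named constant, or a short comment saying what
bounds the SDP text and the filter list, would let a reader check that
1000 bytes is enough for each of them.
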
> @@ -2456,6 +2456,7 @@ static int rtp_read_header(AVFormatContext *s)
>      AVIOContext pb;
>      socklen_t addrlen = sizeof(addr);
>      RTSPState *rt = s->priv_data;
> +    const char *p;
>  
>      if (!ff_network_init())
>          return AVERROR(EIO);
> @@ -2513,12 +2514,41 @@ static int rtp_read_header(AVFormatContext *s)
>      av_url_split(NULL, 0, NULL, 0, host, sizeof(host), &port,
>                   NULL, 0, s->url);
>  
> -    snprintf(sdp, sizeof(sdp),
> -             "v=0\r\nc=IN IP%d %s\r\nm=%s %d RTP/AVP %d\r\n",
> -             addr.ss_family == AF_INET ? 4 : 6, host,
> -             par->codec_type == AVMEDIA_TYPE_DATA  ? "application" :
> -             par->codec_type == AVMEDIA_TYPE_VIDEO ? "video" : "audio",
> -             port, payload_type);
> +    sdp_length = snprintf(sdp + sdp_length, sizeof(sdp) - sdp_length,
> +                          "v=0\r\nc=IN IP%d %s\r\n",
> +                          addr.ss_family == AF_INET ? 4 : 6, host);
> +
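
Review bot: In the new snprintf call, sdp_length is read in both
"sdp + sdp_length" and "sizeof(sdp) - sdp_length" before anything has
assigned it; the declaration "int ret, port, sdp_length, nc;" has no
initializer. The destination pointer and the size limit are therefore
indeterminate, and because "sizeof(sdp) - sdp_length" is computed as an
unsigned value, a negative sdp_length becomes a very large limit. For
this first write, pass sdp and sizeof(sdp) directly, or initialize
sdp_length to 0 at its declaration.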

sdp_length is used uninitialized here; it is used uninitialized in the
version that was merged as b71685865fe761925feedda3cd0b288224d9a509. The
newer versions [2], [3] don't exhibit this flaw.

[3] and [1] also have a flaw in common that [2] and this one are
lacking: The semicolon of the definition of const char *p is missing.

Finally, neither of these versions here seems to have been based upon
git master which contains a call to av_log() directly after the above
snprintf.

- Andreas

[1]: https://ffmpeg.org/pipermail/ffmpeg-devel/2020-March/257887.html
[2]: https://ffmpeg.org/pipermail/ffmpeg-devel/2020-March/257989.html
[3]: https://ffmpeg.org/pipermail/ffmpeg-devel/2020-March/259128.html

