[0.10] gst-plugins-base: rtcpbuffer: prevent overflow of 16bit header length.
Tim Müller
tpm at kemper.freedesktop.org
Thu Jan 5 13:10:27 PST 2012
Module: gst-plugins-base
Branch: 0.10
Commit: da1b991c056adb035429e1818ec54d5bd5937550
URL: http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=da1b991c056adb035429e1818ec54d5bd5937550
Author: Pascal Buhler <pabuhler at cisco.com>
Date: Wed Oct 12 11:28:10 2011 +0200
rtcpbuffer: prevent overflow of 16bit header length.
RTCP header can be (2^16 + 1) * 4 bytes long, so when validating a bogus
packet it was possible to get a 16bit overflow resulting in a length of 0.
This would put the gst_rtcp_buffer_validate_data function in a endless loop.
https://bugzilla.gnome.org/show_bug.cgi?id=667313
---
gst-libs/gst/rtp/gstrtcpbuffer.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/gst-libs/gst/rtp/gstrtcpbuffer.c b/gst-libs/gst/rtp/gstrtcpbuffer.c
index fbd928c..539f763 100644
--- a/gst-libs/gst/rtp/gstrtcpbuffer.c
+++ b/gst-libs/gst/rtp/gstrtcpbuffer.c
@@ -111,7 +111,7 @@ gboolean
gst_rtcp_buffer_validate_data (guint8 * data, guint len)
{
guint16 header_mask;
- guint16 header_len;
+ guint header_len;
guint8 version;
guint data_len;
gboolean padding;
More information about the gstreamer-commits
mailing list