[Bug 667313] New: rtcpbuffer: prevent overflow of 16bit header length.
GStreamer (bugzilla.gnome.org)
bugzilla at gnome.org
Wed Jan 4 12:56:42 PST 2012
https://bugzilla.gnome.org/show_bug.cgi?id=667313
GStreamer | gst-plugins-base | git
Summary: rtcpbuffer: prevent overflow of 16bit header length.
Classification: Platform
Product: GStreamer
Version: git
OS/Version: All
Status: UNCONFIRMED
Severity: major
Priority: Normal
Component: gst-plugins-base
AssignedTo: gstreamer-bugs at lists.freedesktop.org
ReportedBy: havard.graff at tandberg.com
QAContact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
Created an attachment (id=204631)
View: https://bugzilla.gnome.org/attachment.cgi?id=204631
Review: https://bugzilla.gnome.org/review?bug=667313&attachment=204631
patch
RTCP header can be (2^16 + 1) * 4 bytes long, so when validating a bogus
packet it was possible to get a 16bit overflow resulting in a length of 0.
This would put the gst_rtcp_buffer_validate_data function in a endless loop.
--
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list