Commit e982142

author

Alessandro Toppi

committed

More fixes to RTP parsing.

1 parent 3f4960d commit e982142Copy full SHA for e982142

File tree

-12

lines changed

-12

lines changed

Lines changed: 7 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -153,8 +153,10 @@ static int janus_rtp_header_extension_find(char *buf, int len, int id,`
`153`	`153`	`/* Found! */`
`154`	`154`	`if(byte)`
`155`	`155`	`*byte = buf[hlen+i+1];`
`156`		`- if(word)`
`157`		`- word = ntohl((uint32_t *)(buf+hlen+i));`
	`156`	`+ if(word && idlen >= 3 && (i+3) < extlen) {`
	`157`	`+ memcpy(word, buf+hlen+i, sizeof(uint32_t));`
	`158`	`+ word = ntohl(word);`
	`159`	`+ }`
`158`	`160`	`if(ref)`
`159`	`161`	`*ref = &buf[hlen+i];`
`160`	`162`	`return 0;`
`@@ -232,6 +234,9 @@ int janus_rtp_header_extension_parse_rtp_stream_id(char *buf, int len, int id,`
`232`	`234`	`JANUS_LOG(LOG_WARN, "SDES buffer is too small (%d < %d), RTP stream ID will be cut\n", val_len, sdes_len);`
`233`	`235`	`val_len = sdes_len-1;`
`234`	`236`	`}`
	`237`	`+ if (val_len > len-(ext-buf)-1 ) {`
	`238`	`+ return -3;`
	`239`	`+ }`
`235`	`240`	`memcpy(sdes_item, ext+1, val_len);`
`236`	`241`	`*(sdes_item+val_len) = '0円';`
`237`	`242`	`return 0;`

Lines changed: 2 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -634,27 +634,19 @@ gboolean janus_vp9_is_keyframe(const char *buffer, int len) {`
`634`	`634`	`if(len == 0) /* Make sure we don't overflow */`
`635`	`635`	`return FALSE;`
`636`	`636`	`uint i=0;`
`637`		`- for(i=0; i<n_s; i++) {`
	`637`	`+ for(i=0; i<n_s&&len>=4; i++,len-=4) {`
`638`	`638`	`/* Width */`
`639`		`- if(len < 2) /* Make sure we don't overflow */`
`640`		`- return FALSE;`
`641`	`639`	`uint16_t w;`
`642`	`640`	`memcpy(&w, buffer, sizeof(uint16_t));`
`643`	`641`	`int vp9w = ntohs(w);`
`644`	`642`	`buffer += 2;`
`645`		`- len -= 2;`
`646`	`643`	`/* Height */`
`647`		`- if(len < 2) /* Make sure we don't overflow */`
`648`		`- return FALSE;`
`649`	`644`	`uint16_t h;`
`650`	`645`	`memcpy(&h, buffer, sizeof(uint16_t));`
`651`	`646`	`int vp9h = ntohs(h);`
`652`	`647`	`buffer += 2;`
`653`		`- len -= 2;`
`654`		`- if(len == 0) /* Make sure we don't overflow */`
`655`		`- return FALSE;`
`656`	`648`	`if(vp9w \|\| vp9h) {`
`657`		`- JANUS_LOG(LOG_HUGE, "Got a VP9 key frame: %dx%d\n", vp9w, vp9h);`
	`649`	`+ JANUS_LOG(LOG_WARN, "Got a VP9 key frame: %dx%d\n", vp9w, vp9h);`
`658`	`650`	`return TRUE;`
`659`	`651`	`}`
`660`	`652`	`}`

Comments

(0)