New submission from Robert Schlabbach <[email protected]>:
The RTP parser in libavformat/rtpdec.c, in the
function rtp_parse_packet_internal() does not check
the RTP header extension bit and neglects to skip
header extensions according to RFC 3550 chapter 5.3.1.
This results e.g. in MPEG-2 Transport Stream parsing
errors if the header extension should contain the MPEG-
2 synchronization byte (0x47).
Here is a suggested (untested) patch for this
shortcoming, to be inserted at this point:
445 s->seq = seq;
446 len -= 12;
447 buf += 12;
Change this to:
s->seq = seq;
{
// declare extension flag/length
variable
int ext;
// store RTP header extension bit
ext = buf[0] & 0x10;
// skip past standard RTP header
len -= 12;
buf += 12;
// handle RTP header extensions (RFC
3550 chapter 5.3.1)
if (ext)
{
// retrieve header extension
length (in 32-bit words)
ext = AV_RB16(buf + 2);
// add header extension itself
to extension length
ext++;
// convert header extension
length to bytes
ext <<= 2;
// abort if extension length
exceeds remaining buffer length
if (len < ext)
return -1;
// skip header extension
len -= ext;
buf += ext;
};
}
The declaration of the "ext" variable can actually be
moved to the other variable declarations of this
function, allowing the extra bracket level to be
removed.
----------
messages: 12124
priority: normal
status: new
substatus: analyzed
title: RTP parser fails on RFC 3550 header extensions
type: patch
________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2270>
________________________________________________
