On Wed, 25 Jul 2012, Samuel Pitoiset wrote:
This allows having more unknown data at the end of the packet without failing. --- libavformat/rtmpproto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c index 8d388ab..2acc69b 100644 --- a/libavformat/rtmpproto.c +++ b/libavformat/rtmpproto.c @@ -885,9 +885,9 @@ static int handle_chunk_size(URLContext *s, RTMPPacket *pkt) RTMPContext *rt = s->priv_data; int ret; - if (pkt->data_size != 4) { + if (pkt->data_size < 3) { av_log(s, AV_LOG_ERROR, - "Chunk size change packet is not 4 bytes long (%d)\n", + "Chunk size report packet is less than 3 bytes long (%d)\n", pkt->data_size); return AVERROR_INVALIDDATA; }
This is not right. Now 3 would suddenly be an acceptable size, and we'd overread by 1 byte, which could perhaps even lead to a crash.
// Martin _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
