On Thu, 26 Jul 2012, Samuel Pitoiset wrote:
--- libavformat/rtmpproto.c | 6 ++++++ 1 file changed, 6 insertions(+)diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c index a2efe38..a32c4a9 100644 --- a/libavformat/rtmpproto.c +++ b/libavformat/rtmpproto.c @@ -915,6 +915,12 @@ static int handle_ping(URLContext *s, RTMPPacket *pkt) t = AV_RB16(pkt->data); if (t == 6) { + if (pkt->data_size < 6) { + av_log(s, AV_LOG_ERROR, "Too short ping packet (%d)\n", + pkt->data_size); + return AVERROR_INVALIDDATA; + } +
The commit and warning messages are good this time, however the code itself is wrong in two different ways. Where did you get the number 6, and why do you do the check here?
// Martin _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
