On Thu, Jul 26, 2012 at 7:27 PM, Martin Storsjö <[email protected]> wrote:
> On Thu, 26 Jul 2012, Samuel Pitoiset wrote:
>
>> ---
>> libavformat/rtmpproto.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
>> index a2efe38..a32c4a9 100644
>> --- a/libavformat/rtmpproto.c
>> +++ b/libavformat/rtmpproto.c
>> @@ -915,6 +915,12 @@ static int handle_ping(URLContext *s, RTMPPacket
>> *pkt)
>>
>> t = AV_RB16(pkt->data);
>> if (t == 6) {
>> + if (pkt->data_size < 6) {
>> + av_log(s, AV_LOG_ERROR, "Too short ping packet (%d)\n",
>> + pkt->data_size);
>> + return AVERROR_INVALIDDATA;
>> + }
>> +
>
>
> The commit and warning messages are good this time, however the code itself
> is wrong in two different ways. Where did you get the number 6, and why do
> you do the check here?
I played a stream using a FMS and I used Wireshark in order to find
the size of a ping packet.
I do the check here because that handle function can received other
packets like a swfverification request, for example. And if this
packet is not 6 bytes long a *wrong* error code is returned.
Btw, I'll introduce an other case (in the near future) '} else if (t
== 0x1A) {' in order to handle swfverification packets.
--
Best regards,
Samuel Pitoiset.
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
