return count;
}
+static gint
+rtcp_packet_min_length (GstRTCPType type)
+{
+ switch (type) {
+ case GST_RTCP_TYPE_SR:
+ return 28;
+ case GST_RTCP_TYPE_RR:
+ return 8;
+ case GST_RTCP_TYPE_SDES:
+ return 4;
+ case GST_RTCP_TYPE_BYE:
+ return 4;
+ case GST_RTCP_TYPE_APP:
+ return 12;
+ case GST_RTCP_TYPE_RTPFB:
+ return 12;
+ case GST_RTCP_TYPE_PSFB:
+ return 12;
+ case GST_RTCP_TYPE_XR:
+ return 8;
+ default:
+ return -1;
+ }
+}
+
/**
* read_packet_header:
* @packet: a packet
guint8 *data;
gsize maxsize;
guint offset;
+ gint minsize;
+ guint minlength;
g_return_val_if_fail (packet != NULL, FALSE);
if (offset + 4 + packet->length * 4 > maxsize)
return FALSE;
+ minsize = rtcp_packet_min_length (packet->type);
+ if (minsize == -1)
+ minsize = 0;
+ minlength = (minsize - 4) >> 2;
+
+ /* Validate the size */
+ if (packet->length < minlength)
+ return FALSE;
+
return TRUE;
}
/* packet->offset is now pointing to the next free offset in the buffer to
* start a compount packet. Next we figure out if we have enough free space in
* the buffer to continue. */
- switch (type) {
- case GST_RTCP_TYPE_SR:
- len = 28;
- break;
- case GST_RTCP_TYPE_RR:
- len = 8;
- break;
- case GST_RTCP_TYPE_SDES:
- len = 4;
- break;
- case GST_RTCP_TYPE_BYE:
- len = 4;
- break;
- case GST_RTCP_TYPE_APP:
- len = 12;
- break;
- case GST_RTCP_TYPE_RTPFB:
- len = 12;
- break;
- case GST_RTCP_TYPE_PSFB:
- len = 12;
- break;
- case GST_RTCP_TYPE_XR:
- len = 8;
- break;
- default:
- goto unknown_type;
- }
+ len = rtcp_packet_min_length (type);
+ if (type == -1)
+ goto unknown_type;
if (packet->offset + len >= maxsize)
goto no_space;