From: Pascal Buhler Date: Wed, 12 Oct 2011 09:28:10 +0000 (+0200) Subject: rtcpbuffer: prevent overflow of 16bit header length. X-Git-Tag: 1.19.3~511^2~6555^2~202 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0febae7443b165ceaa69641e95d7069f26719e59;p=platform%2Fupstream%2Fgstreamer.git rtcpbuffer: prevent overflow of 16bit header length. RTCP header can be (2^16 + 1) * 4 bytes long, so when validating a bogus packet it was possible to get a 16bit overflow resulting in a length of 0. This would put the gst_rtcp_buffer_validate_data function in a endless loop. https://bugzilla.gnome.org/show_bug.cgi?id=667313 --- diff --git a/gst-libs/gst/rtp/gstrtcpbuffer.c b/gst-libs/gst/rtp/gstrtcpbuffer.c index fbd928c..539f763 100644 --- a/gst-libs/gst/rtp/gstrtcpbuffer.c +++ b/gst-libs/gst/rtp/gstrtcpbuffer.c @@ -111,7 +111,7 @@ gboolean gst_rtcp_buffer_validate_data (guint8 * data, guint len) { guint16 header_mask; - guint16 header_len; + guint header_len; guint8 version; guint data_len; gboolean padding;