mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 19:35:51 +00:00
Bug 1220493: clean up validation of RTP headers r=pkerr
This commit is contained in:
parent
caf9b0fa0e
commit
9cf12febe9
@ -279,12 +279,6 @@ bool RtpHeaderParser::Parse(RTPHeader& header,
|
||||
return false;
|
||||
}
|
||||
|
||||
const size_t CSRCocts = CC * 4;
|
||||
|
||||
if ((ptr + CSRCocts) > _ptrRTPDataEnd) {
|
||||
return false;
|
||||
}
|
||||
|
||||
header.markerBit = M;
|
||||
header.payloadType = PT;
|
||||
header.sequenceNumber = sequenceNumber;
|
||||
@ -293,13 +287,20 @@ bool RtpHeaderParser::Parse(RTPHeader& header,
|
||||
header.numCSRCs = CC;
|
||||
header.paddingLength = P ? *(_ptrRTPDataEnd - 1) : 0;
|
||||
|
||||
// 12 == sizeof(RFC rtp header) == kRtpMinParseLength, each CSRC=4 bytes
|
||||
header.headerLength = 12 + (CC * 4);
|
||||
// not a full validation, just safety against underflow. Padding must
|
||||
// start after the header. We can have 0 payload bytes left, note.
|
||||
if (header.paddingLength + header.headerLength > length) {
|
||||
return false;
|
||||
}
|
||||
|
||||
for (uint8_t i = 0; i < CC; ++i) {
|
||||
uint32_t CSRC = ByteReader<uint32_t>::ReadBigEndian(ptr);
|
||||
ptr += 4;
|
||||
header.arrOfCSRCs[i] = CSRC;
|
||||
}
|
||||
|
||||
header.headerLength = 12 + CSRCocts;
|
||||
assert((ptr - _ptrRTPDataBegin) == header.headerLength);
|
||||
|
||||
// If in effect, MAY be omitted for those packets for which the offset
|
||||
// is zero.
|
||||
@ -328,8 +329,9 @@ bool RtpHeaderParser::Parse(RTPHeader& header,
|
||||
| header extension |
|
||||
| .... |
|
||||
*/
|
||||
const ptrdiff_t remain = _ptrRTPDataEnd - ptr;
|
||||
if (remain < 4) {
|
||||
// earlier test ensures we have at least paddingLength bytes left
|
||||
const ptrdiff_t remain = (_ptrRTPDataEnd - ptr) - header.paddingLength;
|
||||
if (remain < 4) { // minimum header extension length = 32 bits
|
||||
return false;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user