In the course of testing RTSP streaming of CCTV video via the FFmpeg API, I have found some Valgrind uninitialized-memory errors due to what appear to be short/failed reads in ffurl_read_complete().
The calling function ff_rtsp_read_reply() was not checking the return value, and so the library went on to parse garbage in an uninitialized heap-allocated buffer. The attached patch adds logic to check the return value and bail out on error.

--Daniel

--
Daniel Richard G. || sk...@iskunk.org
My ASCII-art .sig got a bad case of Times New Roman.
From 544c2f4628d1c8923880219de190caa96d672100 Mon Sep 17 00:00:00 2001 From: Daniel Richard G <sk...@iskunk.org> Date: Sun, 16 Apr 2017 23:12:53 -0400 Subject: [PATCH] Check return value of read in ff_rtsp_read_reply() Signed-off-by: Daniel Richard G <sk...@iskunk.org> --- libavformat/rtsp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index 261e970..da962fb 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -1218,7 +1218,11 @@ start: content = av_malloc(content_length + 1); if (!content) return AVERROR(ENOMEM); - ffurl_read_complete(rt->rtsp_hd, content, content_length); + ret = ffurl_read_complete(rt->rtsp_hd, content, content_length); + if (ret != content_length) { + av_freep(&content); + return AVERROR_EOF; + } content[content_length] = '\0'; } if (content_ptr) -- 2.9.0
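Review bot: the added check "if (ret != content_length)" returns AVERROR_EOF for every failure, so a negative error code coming back from ffurl_read_complete() is reported to the caller as end of file and the real cause is lost. Consider returning ret unchanged when ret < 0 and keeping AVERROR_EOF for the short-read case only. The declaration of ret is not visible in this hunk, so please confirm that ff_rtsp_read_reply() already has one in scope here and that its type compares cleanly with content_length.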
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel