Resending. Are there any objections to this patch?
On Mon, 2017 Apr 17 01:12-0400, Daniel Richard G. wrote:
> In the course of testing RTSP streaming of CCTV video via the FFmpeg
> API, I have found some Valgrind uninitialized-memory errors due to what
> appear to be short/failed reads in ffurl_read_complete().
>
> The calling function ff_rtsp_read_reply() was not checking the return
> value, and so the library went on to parse garbage in an
> uninitialized heap-allocated buffer.
>
> The attached patch adds logic to check the return value and bail
> out on error.
>
>
> --Daniel
>
--
Daniel Richard G. || sk...@iskunk.org
My ASCII-art .sig got a bad case of Times New Roman.
From 477cbd18b630365d612da173201c2e4ee763d7d4 Mon Sep 17 00:00:00 2001
From: Daniel Richard G <sk...@iskunk.org>
Date: Sun, 16 Apr 2017 23:12:53 -0400
Subject: [PATCH] avformat/rtsp: check return value of read in ff_rtsp_read_reply()
Signed-off-by: Daniel Richard G <sk...@iskunk.org>
---
libavformat/rtsp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 261e970..da962fb 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1218,7 +1218,11 @@ start:
content = av_malloc(content_length + 1);
if (!content)
return AVERROR(ENOMEM);
- ffurl_read_complete(rt->rtsp_hd, content, content_length);
+ ret = ffurl_read_complete(rt->rtsp_hd, content, content_length);
+ if (ret != content_length) {
+ av_freep(&content);
+ return AVERROR_EOF;
+ }
content[content_length] = '\0';
}
if (content_ptr)
--
2.9.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
