Mercurial > mozreview > gecko / changeset / d63c72e5fdc6ccc2f796a955d737973908370a63
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1324608: restrict RID len. r?ng draft
authorNils Ohlmeier [:drno] <drno@ohlmeier.org>
Tue, 20 Dec 2016 10:03:35 -0800
changeset 451674 d63c72e5fdc6ccc2f796a955d737973908370a63
parent 451111 d4b3146a5567a7ddbcdfa5244945db55616cb8d1
child 540091 420d8e6fc6e7c35099b25ef1848f06f5c8666dc2
push id39249
push userdrno@ohlmeier.org
push dateTue, 20 Dec 2016 20:24:18 +0000
reviewersng
bugs1324608
milestone53.0a1
Bug 1324608: restrict RID len. r?ng MozReview-Commit-ID: 9iA0s4EmGow
media/webrtc/trunk/webrtc/modules/rtp_rtcp/source/rtp_sender.cc file | annotate | diff | comparison | revisions 
--- a/media/webrtc/trunk/webrtc/modules/rtp_rtcp/source/rtp_sender.cc
+++ b/media/webrtc/trunk/webrtc/modules/rtp_rtcp/source/rtp_sender.cc
@@ -1426,17 +1426,22 @@ uint8_t RTPSender::BuildRIDExtension(
     rtp_header_extension_map_.GetId(kRtpExtensionRtpStreamId,
                                       &id) != 0) {
     // No RtpStreamId or not registered
     return 0;
   }
   size_t pos = 0;
   // RID value is not null-terminated in header, so no +1
   const uint8_t len = strlen(rid_);
-  data_buffer[pos++] = (id << 4) + len;
+  if (len > 16 || len == 0) {
+    LOG(LS_ERROR) << "Failed to add RID header because of unsupported RID"
+                    " length: " << len;
+    return 0;
+  }
+  data_buffer[pos++] = (id << 4) + (len - 1);
   memcpy(data_buffer + pos, rid_, len);
   pos += len;
   return pos;
 }
 
 bool RTPSender::FindHeaderExtensionPosition(RTPExtensionType type,
                                             const uint8_t* rtp_packet,
                                             size_t rtp_packet_length,
gecko
Deployed from af051c2a8da7 at 2024-04-29T16:08:02Z.