From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 4CC174FA27
	for <ffmpegdev@gitmailbox.com>; Tue, 24 Jun 2025 18:02:19 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id AF0AF68CF48;
	Tue, 24 Jun 2025 21:02:14 +0300 (EEST)
Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com
 [209.85.221.48])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id AF76368CAEE
 for <ffmpeg-devel@ffmpeg.org>; Tue, 24 Jun 2025 21:02:07 +0300 (EEST)
Received: by mail-wr1-f48.google.com with SMTP id
 ffacd0b85a97d-3a365a6804eso526323f8f.3
 for <ffmpeg-devel@ffmpeg.org>; Tue, 24 Jun 2025 11:02:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1750788127; x=1751392927; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:to
 :from:from:to:cc:subject:date:message-id:reply-to;
 bh=YC+33jhGRQB+OPTuBKqdEN5a7bnQmt14ZcpUVQpGtzY=;
 b=cMNTeoJVf/vxyQ+eCe13U/W2q5pUDP/EWPn8mrXibjq0HxbdaGGVhzRislum5rTCbV
 Yb6rSTPB5kYseU6KYkMG8wtjOg23EDTgBjNWTyLsLh24f9Ewa8pjv+pREnVorj/Zi9Sb
 HOh/5/Jd6udFaKyHzviIIGAeCggzlmNW0pWijzZjYPeL5BZfr8nbzjHd7wA3cJ6A0dv2
 s/kc40S2v0ckDn8GsElClF/+Fy/IDVYk4USIKc8xcN9Lh8MF2Lohf9CDJaeoViApY8eD
 a/R0wH2ZEq+7bwlVlzxBRKgfUxhjV9BAxXYlTuTtUPbc2UaRrU/kHNmXbqG1snvvziWm
 Ivuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1750788127; x=1751392927;
 h=content-transfer-encoding:mime-version:message-id:date:subject:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=YC+33jhGRQB+OPTuBKqdEN5a7bnQmt14ZcpUVQpGtzY=;
 b=ipzSYLCIC9Cw6YxWCr27sBP7o3yRtSQRY7b2anHtCgqm5yUwYECKn6s1WiUA/6sEtp
 ddSrhXCtK2o5S5g7ZveuVW3mH4TGvR5qxI/WzncfbvFhWrbI3JFPwLbT0b1JtOHWrIFT
 FOIuV/ryjrNjwEENd5UzPEmpUCkz1eR6tGu4BnJyJKkxontV1Jx61HXw1dbr/wI+N+Y9
 6PUHO249/b9e1DNSYvBobUQhdPARfVkR6BITivCfCN9AzAv5dRwZdD8BMDxw9C0FNAvS
 E4OipZEAa21wLASWfBw6djZb4WVSJ8r+xwfn5QMDyCEulCudN87PpOO3FKtVDgrddFw2
 FCTg==
X-Gm-Message-State: AOJu0YynmR4aPi4mm2rJqINkpB0kH8uUC54QvlYuWLAF/rxnPvKN2xm8
 3/MPlROpiNvLqnTRfqrH623AP4s5PeNspY+NK0WGX5l6QUFNDKhNtnSdg8Hhcw==
X-Gm-Gg: ASbGncvGNNe/Td5g0xm/1BFQQ83OY1QbbH6ts/zR8MYHUerbK2tis2GefAzL9b0KbLt
 i8oO2Jkj9nDZV83qGnE/AdWVdYFY2mP34t6uQksNsd98eO2HP1ilPie7Hpg0cU1EdH0O/8n8BDj
 Dv6XvCLqzZ+cU1mFilUq0+7ZsJelwsmXPo6+dFvwF+pZpNBg8ZQjB59BuyrtPMGgLkh73o0Qa9e
 Ht8LgWCOM1zibH+6F0pWhJ0wPCUasGporSCHesv+858+Gv1uyfgHiaeYIbHvcC3EEdtssT2g962
 UGtoJPMb/pmQlHKzCDTwrMfzcyuNq50DmhG1lgn8FCWj9lnuRjRHatEHCCsJWP/oFELbva85y0A
 swNj0j4tLImfRU2CRaYh1mKlJA7wMAXXlfmO/h7iMRcygT6qpEI9wcr3KSr2eok+QH/HFLtOjga
 /TVQs=
X-Google-Smtp-Source: AGHT+IGKemNfNa9WaOj76sfk1mo8kIYZxzKf+w5gukl9wzm4ZQNdtJ9nZbPzq7qGOVKRPyIKnde7Wg==
X-Received: by 2002:a05:6000:2906:b0:3a3:7ba5:93a5 with SMTP id
 ffacd0b85a97d-3a6d130b3b5mr13933448f8f.26.1750788126421; 
 Tue, 24 Jun 2025 11:02:06 -0700 (PDT)
Received: from ArmedBeast.fritz.box
 (p20030102370045006de90db78179531b.dip0.t-ipconnect.de.
 [2003:102:3700:4500:6de9:db7:8179:531b])
 by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-453803fe596sm14228255e9.24.2025.06.24.11.02.05
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
 Tue, 24 Jun 2025 11:02:05 -0700 (PDT)
From: Marvin Scholz <epirat07-at-gmail.com@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 24 Jun 2025 20:02:00 +0200
Message-Id: <20250624180202.15430-1-epirat07@gmail.com>
X-Mailer: git-send-email 2.39.5 (Apple Git-154)
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 1/3] lavf/rtpdec: fix RTCP SR packet length
 check
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250624180202.15430-1-epirat07@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

The minimum valid packet length is 28, given that the length includes
the packet header.

This didn't cause any issues so far as the code did not care about the
last two fields in the SR section, but will be relevant in a future
commit.
---
 libavformat/rtpdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c
index 2e2cbf5477..97aabcf542 100644
--- a/libavformat/rtpdec.c
+++ b/libavformat/rtpdec.c
@@ -187,7 +187,7 @@ static int rtcp_parse_packet(RTPDemuxContext *s, const unsigned char *buf,
 
         switch (buf[1]) {
         case RTCP_SR:
-            if (payload_len < 20) {
+            if (payload_len < 28) {
                 av_log(s->ic, AV_LOG_ERROR, "Invalid RTCP SR packet length\n");
                 return AVERROR_INVALIDDATA;
             }
-- 
2.39.5 (Apple Git-154)

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".