From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 2A8014FC06
	for <ffmpegdev@gitmailbox.com>; Sat, 28 Jun 2025 14:27:44 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 6D2F268E32C;
	Sat, 28 Jun 2025 17:27:39 +0300 (EEST)
Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com
 [209.85.128.48])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 0255668E1AE
 for <ffmpeg-devel@ffmpeg.org>; Sat, 28 Jun 2025 17:27:32 +0300 (EEST)
Received: by mail-wm1-f48.google.com with SMTP id
 5b1f17b1804b1-453749af004so16816155e9.1
 for <ffmpeg-devel@ffmpeg.org>; Sat, 28 Jun 2025 07:27:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1751120852; x=1751725652; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=b6y+yxYp9137MZjbqEBs+sBV/opCTy1FKX9tU2hYu2A=;
 b=ZpuuZvR2qCwhQWMieDzDLMo8OC4abcoBgiwk5iyR8TJ/KhyKFONFzFmL+1wzYjvE11
 YjZiNQOSk5lcG6BB0X3XBMlGK26mQJ+P28mcz/BkiERi19dYsFo9lVVEHyqYznle1Hwc
 c3IW3l6dzOkld8Ko3SOPXnQcSxd2b/8e1fSkze6reQ/vK23nIsuSkZCXsXr4YGD7f5Zy
 YcZQUuiGiCwT/0AdWTDX/7Oej1WTkg6eUWZJ6iPcME8+M8bqbBwkKCuLobmWtawEEyIx
 BRz2UYL9ZSa6BlcfsabKJw15+sfpWibIt392GJ3+rUViCAeeA3QtFFGXi3FGPx7GVEbn
 FeJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1751120852; x=1751725652;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=b6y+yxYp9137MZjbqEBs+sBV/opCTy1FKX9tU2hYu2A=;
 b=aWMp8PJ08YhEXubmuOld8FX55Fo8Zs2WZRFie7EVsXbhHhKCuCKKxEe4eyrjuWkDYa
 WmUl53weCSoxTxKFIX6lI9AeWom6pqe+xnbadDqv8YpAIFFIMuM9hfw1eYppYRhBl3a5
 55iIxtiogg2th4D0SNQssnlfCtloiI43I4957Dj6dh6q2DEbZHiLTKLsfaJKdlDZZQhz
 GM3psRYp/m1CgiAIZ3bd+lYRyvzCheOWUryzI6nhYKA4o/49Hfku5hQEhXALUSx02tQY
 sFBEbuop1ECdJQgu4usrMGUwKJBISH+pPcBpu8NfxpzWKNPSWfeCtKBpZgwBswO9ImNE
 uaFA==
X-Gm-Message-State: AOJu0YwpSQ9hhNOipUBjOXN7z/k16RCrfGogWzpvbd14fOwzaLngXJkm
 ahGak/B9vAT+VU5aKdOVF49aWrV1x0t93UTwFEQ5dVX2038iTgUVAvFvKFlZmA==
X-Gm-Gg: ASbGncvFiEIeLFPQPundbd0AC48gNOCwuFjA0LKbMfwa7vVQ496RPfN5uifdEmDJlF/
 /Ijl+KbfSa4dJC7LbELVKc+MVFO9/R81uiPwzwdY16Jve95nKIRv+LgpVUHeJNvKsvRZk+b/+eb
 0lWE0LVVttLoKeGb/hWODxsdPyL3oKco3HEI9+D0hzAXEXyHYeoNgX0I8kbiJ6LI3e8NHk4vvvz
 ibGWXO3VVQoSOtpZbD52RBDT16WLyO55cK2OsIJUoGkxBaeHXwr8nZhNLtO8dWEECglyZpJUDTw
 a9T+vNH9CXGxriQRDplhg2AgsITYUCFwNqllbTwUFKgiwqm+Rb7EyclF6V1jMRQ3ArddLeGvpn/
 XPi0juj59QOPYaeKjFv14uBIQyZrewKSHDxLuegeIGJHz18ASqLU1vy56V04Zq9H4NjVXqvf/Es
 ZAJCYH
X-Google-Smtp-Source: AGHT+IGbShi+a3Yt2iR2EErYeGrgyuVUn3BZfbCLIG10ZY15X6uX3ZtsHuwFSuLS/A2nKTt3o87zEg==
X-Received: by 2002:a05:600c:4f13:b0:453:2433:1c5b with SMTP id
 5b1f17b1804b1-4538ee15a9emr75172305e9.5.1751120852103; 
 Sat, 28 Jun 2025 07:27:32 -0700 (PDT)
Received: from ArmedBeast.fritz.box
 (p2003010237004500d82e3c7de7372df5.dip0.t-ipconnect.de.
 [2003:102:3700:4500:d82e:3c7d:e737:2df5])
 by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4538f754326sm53366975e9.18.2025.06.28.07.27.31
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
 Sat, 28 Jun 2025 07:27:31 -0700 (PDT)
From: Marvin Scholz <epirat07-at-gmail.com@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 28 Jun 2025 16:27:23 +0200
Message-Id: <20250628142725.26651-1-epirat07@gmail.com>
X-Mailer: git-send-email 2.39.5 (Apple Git-154)
In-Reply-To: <20250624180202.15430-1-epirat07@gmail.com>
References: <20250624180202.15430-1-epirat07@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH v2 1/3] lavf/rtpdec: fix RTCP SR packet
 length check
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250628142725.26651-1-epirat07@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

The minimum valid packet length is 28, given that the length includes
the packet header.

This didn't cause any issues so far as the code did not care about the
last two fields in the SR section, but will be relevant in a future
commit.
---
 libavformat/rtpdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c
index d54ac31eb0..5aecf7fbc7 100644
--- a/libavformat/rtpdec.c
+++ b/libavformat/rtpdec.c
@@ -187,7 +187,7 @@ static int rtcp_parse_packet(RTPDemuxContext *s, const unsigned char *buf,
 
         switch (buf[1]) {
         case RTCP_SR:
-            if (payload_len < 20) {
+            if (payload_len < 28) {
                 av_log(s->ic, AV_LOG_ERROR, "Invalid RTCP SR packet length\n");
                 return AVERROR_INVALIDDATA;
             }
-- 
2.39.5 (Apple Git-154)

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".