From patchwork Mon Feb 25 13:54:50 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Olivier Maignial <olivier.maignial@smile.fr>
X-Patchwork-Id: 12160
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id BAFC744786B
	for <patchwork@ffaux-bg.ffmpeg.org>;
	Tue, 26 Feb 2019 20:52:47 +0200 (EET)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 95B4C689F31;
	Tue, 26 Feb 2019 20:52:47 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com
	[209.85.221.52])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9B328688324
	for <ffmpeg-devel@ffmpeg.org>; Mon, 25 Feb 2019 16:01:38 +0200 (EET)
Received: by mail-wr1-f52.google.com with SMTP id w6so6786711wrs.4
	for <ffmpeg-devel@ffmpeg.org>; Mon, 25 Feb 2019 06:01:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=smile-fr.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id;
	bh=DtMf/7u6RnoywvNLmpHZ9BrXYTqzBfE9G+RCrpcy4b8=;
	b=bn5JixAFj0pexlM6+hTN1kUAE0NHYs1JcVq3/vJhwRADzIWw7XE5v+f5fVQy9e4LVE
	6Hqgug1r2ZCCZZoMxaiPtiXeNMrBQV7+Dm8r8r/m8BiWR3iK5VgSCM2D5F5lE79zKPT5
	Ut8KVr350dNAOSB/BNb9sDs01/Hf+ysMVwI01vzoP+CZuLhyiXepKUMISq6Ahjn2heD3
	e96uck7c6hOJvRQ4Q2h5Q9x1RvebDeP20J8Awf7HLtsehPbVK15r3aJfNnIvbNMPlpb8
	Zysdg/RI0hfaxkTlYQa5Wao34cd//PZmFla5WfqQ5TNJZpaL2ggXUWyzENedhukH97q2
	c4ig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=DtMf/7u6RnoywvNLmpHZ9BrXYTqzBfE9G+RCrpcy4b8=;
	b=VbICkhQjo1Dmf8p8bdMnXj6rcYxvaD3AQNEWy3QzM7TbHupE1cg3awup/7+76hx3iU
	gi79ALXI2Ml2nm+FkPh6M8B+ReR3PcCLP5iEF05X20QCb3up103j1hX0+QA3rsSMFlxr
	ovNqR8zJlNqw/8s5IfkN4B6JtnftXd2RuPagUJ4fpmkzJwjcu5uR0RBEJwi7r3REIv8x
	jfTtIogExPkcwliS9+Ev2niiVQZPyMMmp0OHSjfP7eoPPmT6Q0H6m+lQpyImqF7SB0u3
	65dQoks6UVp628CzDCVF/Mky1yglCJLwtxV7wsPYaDv4Qna8BcOmw/wIGeuWdjTBHOWL
	L7Tw==
X-Gm-Message-State: AHQUAuaBFf+2p5o/7a4pyGq3C+HaE4V+lEYVOdUlVn5tb2LLm0l1Fl7c
	F7t2x78axu4RvIQrUwAlF/58+jJvJSU=
X-Google-Smtp-Source: 
 AHgI3IYCzkHf9OGDgDQneZfwTV9VJlwn7n2a6vzn4AvZdIWG5sU0p5f4f9zUB2aaOsHNP+ZnreeQiw==
X-Received: by 2002:adf:ecc6:: with SMTP id
	s6mr12855726wro.144.1551102902539;
	Mon, 25 Feb 2019 05:55:02 -0800 (PST)
Received: from P-TLS-SASUKE-OLMAI.tagtec.fr (myfox-157-50.fib.nerim.net.
	[194.79.157.50]) by smtp.gmail.com with ESMTPSA id
	y20sm8455232wra.51.2019.02.25.05.55.01
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 25 Feb 2019 05:55:02 -0800 (PST)
From: Olivier Maignial <olivier.maignial@smile.fr>
To: ffmpeg-devel@ffmpeg.org
Date: Mon, 25 Feb 2019 14:54:50 +0100
Message-Id: <1551102890-952-1-git-send-email-olivier.maignial@smile.fr>
X-Mailer: git-send-email 2.7.4
X-Mailman-Approved-At: Tue, 26 Feb 2019 20:52:46 +0200
Subject: [FFmpeg-devel] [PATCH] Fix sdp size check on fmtp integer parameters
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Cc: Olivier Maignial <olivier.maignial@smile.fr>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

---
 libavformat/rtpdec_mpeg4.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavformat/rtpdec_mpeg4.c b/libavformat/rtpdec_mpeg4.c
index 4f70599..f632ebf 100644
--- a/libavformat/rtpdec_mpeg4.c
+++ b/libavformat/rtpdec_mpeg4.c
@@ -289,15 +289,15 @@ static int parse_fmtp(AVFormatContext *s,
         for (i = 0; attr_names[i].str; ++i) {
             if (!av_strcasecmp(attr, attr_names[i].str)) {
                 if (attr_names[i].type == ATTR_NAME_TYPE_INT) {
-                    int val = atoi(value);
-                    if (val > 32) {
+                    long int val = strtol(value, NULL, 10);
+                    if (errno == ERANGE || val > INT_MAX || val < INT_MIN) {
                         av_log(s, AV_LOG_ERROR,
-                               "The %s field size is invalid (%d)\n",
+                               "The %s field size is invalid (%ld)\n",
                                attr, val);
                         return AVERROR_INVALIDDATA;
                     }
                     *(int *)((char *)data+
-                        attr_names[i].offset) = val;
+                        attr_names[i].offset) = (int) val;
                 } else if (attr_names[i].type == ATTR_NAME_TYPE_STR) {
                     char *val = av_strdup(value);
                     if (!val)