[FFmpeg-devel] Check return value of read in ff_rtsp_read_reply()

Submitted by Daniel Richard G. on April 17, 2017, 5:12 a.m.

Details

Message ID 1492405941.4135730.946500744.144D6FFA@webmail.messagingengine.com
State New
Headers show

Commit Message

Daniel Richard G. April 17, 2017, 5:12 a.m.
In the course of testing RTSP streaming of CCTV video via the FFmpeg
API, I have found some Valgrind uninitialized-memory errors due to what
appear to be short/failed reads in ffurl_read_complete().

The calling function ff_rtsp_read_reply() was not checking the return
value, and so the library went on to parse garbage in an
uninitialized heap-allocated buffer.

The attached patch adds logic to check the return value and bail
out on error.


--Daniel

Patch hide | download patch | download mbox

From 544c2f4628d1c8923880219de190caa96d672100 Mon Sep 17 00:00:00 2001
From: Daniel Richard G <skunk@iSKUNK.ORG>
Date: Sun, 16 Apr 2017 23:12:53 -0400
Subject: [PATCH] Check return value of read in ff_rtsp_read_reply()

Signed-off-by: Daniel Richard G <skunk@iSKUNK.ORG>
---
 libavformat/rtsp.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 261e970..da962fb 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1218,7 +1218,11 @@  start:
         content = av_malloc(content_length + 1);
         if (!content)
             return AVERROR(ENOMEM);
-        ffurl_read_complete(rt->rtsp_hd, content, content_length);
+        ret = ffurl_read_complete(rt->rtsp_hd, content, content_length);
+        if (ret != content_length) {
+            av_freep(&content);
+            return AVERROR_EOF;
+        }
         content[content_length] = '\0';
     }
     if (content_ptr)
-- 
2.9.0