From patchwork Mon May 8 15:24:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel Richard G." X-Patchwork-Id: 3618 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.103.3.129 with SMTP id 123csp900228vsd; Mon, 8 May 2017 08:24:31 -0700 (PDT) X-Received: by 10.28.230.16 with SMTP id d16mr14104012wmh.108.1494257070883; Mon, 08 May 2017 08:24:30 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id n4si7861754wme.166.2017.05.08.08.24.30; Mon, 08 May 2017 08:24:30 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@iskunk.org; dkim=neutral (body hash did not verify) header.i=@messagingengine.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 478A26882A7; Mon, 8 May 2017 18:24:21 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 62356680368 for ; Mon, 8 May 2017 18:24:14 +0300 (EEST) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id B8C4920A87 for ; Mon, 8 May 2017 11:24:19 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute3.internal (MEProxy); Mon, 08 May 2017 11:24:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iskunk.org; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=+RL6vGRARmTlHGk8xlM2XPiIo9Vi9 Jh1+PhNySa0QLs=; b=rHe26OhdVsBgxeKhFgaKpUXVJMOGRZTn77N2ElionDCFe Y/cuaPbDhn0oMta/ig6k/HbVlqiGYfU8T6KmHq/5+4ty1DNKdK0LU0cgkgtcnRo7 JA7WNCZ0UQTxwLC5mMKwbrAC3aYX4JoArcTPn8BTVcmspm86p9DeLpQNJYpIPrLl NZmdDW1pU5y2gyrv1h34isaiGUzaSaKzbaRId4gozrTzUaF73pBTjsg2JTuZFyyy EaX/lcbdKWoz97toqmxF0CqF+SflqUQyUzCXqxZWBOMkZkLHfnL2JYD6TtVN0pJi muZJLWlAPe7PH5wDsmZJkVUlccBLpyv041JAEN9pg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=+RL6vG RARmTlHGk8xlM2XPiIo9Vi9Jh1+PhNySa0QLs=; b=QZCh7VyYvuETQWb3UwLh7k I8RT2zLJxr2rLCWW42kY7TiHiuBcuOQt0BqkXox8lPE9on3L70x3LNjtErg5/bfP DfGdht30YSZgwVqkd1Wz1BlKMI98fyU1S54okXPSBmlR1r2Fr9fs6i8W740vRlm2 QzXzu1ICbzbctlLFbSBr+OkbZtTyFCJ4dHONM9Ny/DIoox/ARUznLO4K++rEDg7a pCkif9tQMq1ijf5AzxKrYCsmTYcWjAgnTevxXEDfyVuYtPDe0cycWQHSlZ70UAlT Bd3/jF2gWsajoWHPRUdaQnT/iPv61MT0qEXxRAx1mPFXysfeGKqsPuyiKIoFqfBg == X-ME-Sender: Received: by mailuser.nyi.internal (Postfix, from userid 99) id 8FD3C9EF71; Mon, 8 May 2017 11:24:19 -0400 (EDT) Message-Id: <1494256907.592817.59A342FE@webmail.messagingengine.com> From: "Daniel Richard G." To: FFmpeg development discussions and patches MIME-Version: 1.0 X-Mailer: MessagingEngine.com Webmail Interface - html Date: Mon, 08 May 2017 11:24:19 -0400 In-Reply-To: <1492405941.4135730.946500744.144D6FFA@webmail.messagingengine.com> References: <1492405941.4135730.946500744.144D6FFA@webmail.messagingengine.com> Subject: Re: [FFmpeg-devel] [PATCH] avformat/rtsp: check return value of read in ff_rtsp_read_reply() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Resending. Are there any objections to this patch? On Mon, 2017 Apr 17 01:12-0400, Daniel Richard G. wrote: > In the course of testing RTSP streaming of CCTV video via the FFmpeg > API, I have found some Valgrind uninitialized-memory errors due to what > appear to be short/failed reads in ffurl_read_complete(). > > The calling function ff_rtsp_read_reply() was not checking the return > value, and so the library went on to parse garbage in an > uninitialized heap-allocated buffer. > > The attached patch adds logic to check the return value and bail > out on error. > > > --Daniel > From 477cbd18b630365d612da173201c2e4ee763d7d4 Mon Sep 17 00:00:00 2001 From: Daniel Richard G Date: Sun, 16 Apr 2017 23:12:53 -0400 Subject: [PATCH] avformat/rtsp: check return value of read in ff_rtsp_read_reply() Signed-off-by: Daniel Richard G --- libavformat/rtsp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index 261e970..da962fb 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -1218,7 +1218,11 @@ start: content = av_malloc(content_length + 1); if (!content) return AVERROR(ENOMEM); - ffurl_read_complete(rt->rtsp_hd, content, content_length); + ret = ffurl_read_complete(rt->rtsp_hd, content, content_length); + if (ret != content_length) { + av_freep(&content); + return AVERROR_EOF; + } content[content_length] = '\0'; } if (content_ptr) -- 2.9.0