diff mbox

[FFmpeg-devel] avformat/rtsp: check return value of read in ff_rtsp_read_reply()

Message ID 1493734727.3516443.963112616.39EB8AEA@webmail.messagingengine.com
State Superseded
Headers show

Commit Message

Daniel Richard G. May 2, 2017, 2:18 p.m. UTC 
Resending...

On Mon, 2017 Apr 17 01:12-0400, Daniel Richard G. wrote:
> In the course of testing RTSP streaming of CCTV video via the FFmpeg
> API, I have found some Valgrind uninitialized-memory errors due to what
> appear to be short/failed reads in ffurl_read_complete().
> 
> The calling function ff_rtsp_read_reply() was not checking the return
> value, and so the library went on to parse garbage in an
> uninitialized heap-allocated buffer.
> 
> The attached patch adds logic to check the return value and bail
> out on error.
> 
> 
> --Daniel
>
diff mbox

Patch

From 477cbd18b630365d612da173201c2e4ee763d7d4 Mon Sep 17 00:00:00 2001
From: Daniel Richard G <skunk@iSKUNK.ORG>
Date: Sun, 16 Apr 2017 23:12:53 -0400
Subject: [PATCH] avformat/rtsp: check return value of read in ff_rtsp_read_reply()

Signed-off-by: Daniel Richard G <skunk@iSKUNK.ORG>
---
 libavformat/rtsp.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 261e970..da962fb 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1218,7 +1218,11 @@  start:
         content = av_malloc(content_length + 1);
         if (!content)
             return AVERROR(ENOMEM);
-        ffurl_read_complete(rt->rtsp_hd, content, content_length);
+        ret = ffurl_read_complete(rt->rtsp_hd, content, content_length);
+        if (ret != content_length) {
+            av_freep(&content);
+            return AVERROR_EOF;
+        }
         content[content_length] = '\0';
     }
     if (content_ptr)
-- 
2.9.0