From patchwork Tue May 2 14:18:47 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Daniel Richard G." X-Patchwork-Id: 3549 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.103.3.129 with SMTP id 123csp1907018vsd; Tue, 2 May 2017 07:18:59 -0700 (PDT) X-Received: by 10.223.145.65 with SMTP id j59mr19768515wrj.200.1493734739049; Tue, 02 May 2017 07:18:59 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id m38si5294892wrm.206.2017.05.02.07.18.58; Tue, 02 May 2017 07:18:59 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@iskunk.org; dkim=neutral (body hash did not verify) header.i=@messagingengine.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C0C686883C1; Tue, 2 May 2017 17:18:51 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CD77A680598 for ; Tue, 2 May 2017 17:18:45 +0300 (EEST) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id A18A420C0A for ; Tue, 2 May 2017 10:18:47 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute3.internal (MEProxy); Tue, 02 May 2017 10:18:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iskunk.org; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=PfhQFFCUT7UA47p0M22js76v4QTF7 R3IuGBEQUojvVA=; b=gJOotBKdgWw6cOb3rX1srSPcWvTdJ1Da9Qe87G+oWJzNK LcJ4/e3L4jW2+Ao3EZy5JWUjKT3wpF3W6GZJUdFNysAnyYAzeGkHmSdFbc6icmZw WoFSEAiYo1wyqY+wybXJRB6fOsHmtSK87nyKSA5hmZsjaBxUz+im6tfZx9e9FlA4 pW626Nf3rVmSiqRrj4wDcL2MiXfa+CZeYKbVtPGAh9t6XHEL2CQIOGBGkggSVpz5 tJzQlfAzVJ9O6m9uu9inRen+G/q0wNcdSzgZ1IiLmqdVVLmClJ+UUpmyvnFGYYbu 0x+x8dsZo5xGKPgSlGPQzAY0la8NcOz3kcHYqe6gQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=PfhQFF CUT7UA47p0M22js76v4QTF7R3IuGBEQUojvVA=; b=QeqWRrE6rR05vXMie4znYS 4W4/kXdLQWpFO1Dgrv2ZM+A1rH5WFGOv71UWzCB02nbUDPDoS/Sc3QC0K/XdVZEZ l2tB2/24YpZbojQnytvQEhOWfffDFJ7IgZaQJ1BQawDdVu3UBA4Pq+cG64oWA9kb csjlARSrj026UVazwoUlPUZ9gpc4SvCTXUwA7sowMGcDUu6udBu+eqoV8VnpJvwk 3oMgF6vRsKt0LHIPu8Fcmk3tP9Ag9XszMzuMCBIIp9zbyJo56/ue5dd9HUwmDbV7 BnoRrM77pczAvIbzSooba9mXsD+oJWxghTSbpfzbn0HSD9QADK9n8KPNTH2uWDDQ == X-ME-Sender: Received: by mailuser.nyi.internal (Postfix, from userid 99) id 743A39E13F; Tue, 2 May 2017 10:18:47 -0400 (EDT) Message-Id: <1493734727.3516443.963112616.39EB8AEA@webmail.messagingengine.com> From: "Daniel Richard G." To: FFmpeg development discussions and patches MIME-Version: 1.0 X-Mailer: MessagingEngine.com Webmail Interface - html In-Reply-To: <1492405941.4135730.946500744.144D6FFA@webmail.messagingengine.com> Date: Tue, 02 May 2017 10:18:47 -0400 References: <1492405941.4135730.946500744.144D6FFA@webmail.messagingengine.com> Subject: Re: [FFmpeg-devel] [PATCH] avformat/rtsp: check return value of read in ff_rtsp_read_reply() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Resending... On Mon, 2017 Apr 17 01:12-0400, Daniel Richard G. wrote: > In the course of testing RTSP streaming of CCTV video via the FFmpeg > API, I have found some Valgrind uninitialized-memory errors due to what > appear to be short/failed reads in ffurl_read_complete(). > > The calling function ff_rtsp_read_reply() was not checking the return > value, and so the library went on to parse garbage in an > uninitialized heap-allocated buffer. > > The attached patch adds logic to check the return value and bail > out on error. > > > --Daniel > From 477cbd18b630365d612da173201c2e4ee763d7d4 Mon Sep 17 00:00:00 2001 From: Daniel Richard G Date: Sun, 16 Apr 2017 23:12:53 -0400 Subject: [PATCH] avformat/rtsp: check return value of read in ff_rtsp_read_reply() Signed-off-by: Daniel Richard G --- libavformat/rtsp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index 261e970..da962fb 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -1218,7 +1218,11 @@ start: content = av_malloc(content_length + 1); if (!content) return AVERROR(ENOMEM); - ffurl_read_complete(rt->rtsp_hd, content, content_length); + ret = ffurl_read_complete(rt->rtsp_hd, content, content_length); + if (ret != content_length) { + av_freep(&content); + return AVERROR_EOF; + } content[content_length] = '\0'; } if (content_ptr) -- 2.9.0