Commit a55b8e9c authored by Vincent Penquerc'h's avatar Vincent Penquerc'h

rtpvrawpay: guard against pathological "no space" condition

Even if one woul hope one pixel can fit in a MTU, ensure we do not
overwrite a buffer if this is not the case.

Spotted while looking at Coverity 1208786
parent dfa2df1c
......@@ -331,6 +331,13 @@ gst_rtp_vraw_pay_handle_buffer (GstRTPBasePayload * payload, GstBuffer * buffer)
/* the headers start here */
headers = outdata;
/* make sure we can fit at least *one* header and pixel */
if (!(left > (6 + pgroup))) {
gst_rtp_buffer_unmap (&rtp);
gst_buffer_unref (out);
goto too_small;
}
/* while we can fit at least one header and one pixel */
while (left > (6 + pgroup)) {
/* we need a 6 bytes header */
......@@ -516,6 +523,14 @@ unknown_sampling:
gst_buffer_unref (buffer);
return GST_FLOW_NOT_SUPPORTED;
}
too_small:
{
GST_ELEMENT_ERROR (payload, RESOURCE, NO_SPACE_LEFT,
(NULL), ("not enough space to send at least one pixel"));
gst_video_frame_unmap (&frame);
gst_buffer_unref (buffer);
return GST_FLOW_NOT_SUPPORTED;
}
}
gboolean
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment