Bug 1161719: Fix bounds check in FilterSenderReport r=jesup
authorByron Campen [:bwc] <docfaraday@gmail.com>
Tue, 05 May 2015 15:10:25 -0700
changeset 242672 36f729b4ffc9d0ff63520a0d0114828dbe25e064
parent 242671 020d3722b3ff27156c6480c44179b7084325136a
child 242673 2e67954d9762b828cf4dbf830079a449dbc54cff
push id28706
push usercbook@mozilla.com
push dateThu, 07 May 2015 13:41:13 +0000
treeherdermozilla-central@403e3c2380b5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjesup
bugs1161719
milestone40.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1161719: Fix bounds check in FilterSenderReport r=jesup
media/webrtc/signaling/src/mediapipeline/MediaPipelineFilter.cpp
--- a/media/webrtc/signaling/src/mediapipeline/MediaPipelineFilter.cpp
+++ b/media/webrtc/signaling/src/mediapipeline/MediaPipelineFilter.cpp
@@ -74,17 +74,17 @@ void MediaPipelineFilter::Update(const M
   local_ssrc_set_ = filter_update.local_ssrc_set_;
   payload_type_set_ = filter_update.payload_type_set_;
   correlator_ = filter_update.correlator_;
 }
 
 bool
 MediaPipelineFilter::FilterSenderReport(const unsigned char* data,
                                         size_t len) const {
-  if (len < FIRST_SSRC_OFFSET) {
+  if (len < FIRST_SSRC_OFFSET + 4) {
     return false;
   }
 
   uint8_t payload_type = data[PT_OFFSET];
 
   if (payload_type != SENDER_REPORT_T) {
     return false;
   }