Fix for potential out of bounds reading in rtcp::RemoteEstimate parser.

packet_size() includes the size of padding, this means that the size check might incorrectly not trigger even if the payload is empty. In turn this means that the ReadBigEndian call might read out of bounds memory. Refactored the code to reuse the App parsing code more, eliminating the risk of this particular kind of error. Bug: chromium:987507 Change-Id: Id8f3e292c3d30460d3cdb551f0a45070fdf8f022 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/146716 Reviewed-by: Stefan Holmer <stefan@webrtc.org> Commit-Queue: Sebastian Jansson <srte@webrtc.org> Cr-Commit-Position: refs/heads/master@{#28680}
2019-07-25 09:50:48 +02:00
parent 604e75c458
commit a72d583271
4 changed files with 16 additions and 20 deletions
--- a/modules/rtp_rtcp/source/rtcp_packet/app.h
+++ b/modules/rtp_rtcp/source/rtcp_packet/app.h
@ -25,6 +25,7 @@ class App : public RtcpPacket {
 public:
  static constexpr uint8_t kPacketType = 204;
  App();
+  App(App&&) = default;
  ~App() override;

  // Parse assumes header is already parsed and validated.