From df5983bb72d4a4c98d0becdda39b4ec60c6c7e3d Mon Sep 17 00:00:00 2001
From: Uladzimir Filipchenkau
Date: Fri, 29 Mar 2024 16:08:30 +0300
Subject: [PATCH] fix unmarshaling panic vp8
---
 codecs/vp8_packet.go | 3 +++
 codecs/vp8_packet_test.go | 9 ++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/codecs/vp8_packet.go b/codecs/vp8_packet.go
index 5d0a6540..9f9227e0 100644
--- a/codecs/vp8_packet.go
+++ b/codecs/vp8_packet.go
@@ -163,6 +163,9 @@ func (p *VP8Packet) Unmarshal(payload []byte) ([]byte, error) {
 return nil, errShortPacket
 }
 if payload[payloadIndex]&0x80 > 0 { // M == 1, PID is 16bit
+ if payloadIndex+1 >= payloadLen {
+ return nil, errShortPacket
+ }
 p.PictureID = (uint16(payload[payloadIndex]&0x7F) << 8) | uint16(payload[payloadIndex+1])
 payloadIndex += 2
 } else {
diff --git a/codecs/vp8_packet_test.go b/codecs/vp8_packet_test.go
index bb09ef11..3abb5208 100644
--- a/codecs/vp8_packet_test.go
+++ b/codecs/vp8_packet_test.go
@@ -106,7 +106,7 @@ func TestVP8Packet_Unmarshal(t *testing.T) {
 // attention to partition boundaries. In that case, it may
 // produce packets with minimal headers.
 
- // The next two have been witnessed in nature.
+ // The next three have been witnessed in nature.
 _, err = pck.Unmarshal([]byte{0x00})
 if err != nil {
 t.Errorf("Empty packet with trivial header: %v", err)
@@ -115,6 +115,13 @@ func TestVP8Packet_Unmarshal(t *testing.T) {
 if err != nil {
 t.Errorf("Non-empty packet with trivial header: %v", err)
 }
+ raw, err = pck.Unmarshal([]byte{0x81, 0x81, 0x94})
+ if raw != nil {
+ t.Fatal("Result should be nil in case of error")
+ }
+ if !errors.Is(err, errShortPacket) {
+ t.Fatal("Error should be:", errShortPacket)
+ }
 
 // The following two were invented.
 _, err = pck.Unmarshal([]byte{0x80, 0x00})
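Review bot: The new guard in the `M == 1` branch carries no comment saying why a second byte is required, although this is the read that could panic on a truncated payload arriving from a remote peer. I would put `// 16-bit PictureID reads payload[payloadIndex] and payload[payloadIndex+1]; reject truncated input instead of panicking` above `if payloadIndex+1 >= payloadLen {`. Unmarshal starts before and continues after this hunk, so the remaining header reads are not visible here; they presumably need a length check before each index as well, and a fuzz test over Unmarshal would confirm that no other short input still reaches an out-of-range index.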
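Review bot: The two added assertions call `t.Fatal` while the neighbouring cases in this test use `t.Errorf`, so a regression on the truncated-PictureID input would stop every later case from running, and the second message never prints the error that was actually returned. Consider `t.Errorf("result should be nil on error, got %v", raw)` and `t.Errorf("expected %v, got %v", errShortPacket, err)`. `raw` and the `errors` import are not declared in the visible lines and are assumed to exist earlier in the file. TestVP8Packet_Unmarshal begins and ends outside this hunk.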