Index: webrtc/modules/rtp_rtcp/source/rtp_packet.cc |
diff --git a/webrtc/modules/rtp_rtcp/source/rtp_packet.cc b/webrtc/modules/rtp_rtcp/source/rtp_packet.cc |
index 8c8fa0e79ad62d47cff2dc3dfd0b6c9fc70e260e..283512cd8fa51e7d7dc74da62f5cc116f9051ad3 100644 |
--- a/webrtc/modules/rtp_rtcp/source/rtp_packet.cc |
+++ b/webrtc/modules/rtp_rtcp/source/rtp_packet.cc |
@@ -11,6 +11,7 @@ |
#include "webrtc/modules/rtp_rtcp/source/rtp_packet.h" |
#include <cstring> |
+#include <utility> |
#include "webrtc/base/checks.h" |
#include "webrtc/base/logging.h" |
@@ -397,11 +398,16 @@ bool Packet::ParseBuffer(const uint8_t* buffer, size_t size) { |
} |
uint8_t length = |
1 + (buffer[extension_offset + extensions_size_] & 0xf); |
- extensions_size_ += kOneByteHeaderSize; |
+ if (extensions_size_ + kOneByteHeaderSize + length > |
+ extensions_capacity) { |
+ LOG(LS_WARNING) << "Oversized rtp header extension."; |
+ break; |
+ } |
if (num_extensions_ >= kMaxExtensionHeaders) { |
- LOG(LS_WARNING) << "Too many extensions."; |
- return false; |
+ LOG(LS_WARNING) << "Too many rtp header extensions."; |
+ break; |
} |
+ extensions_size_ += kOneByteHeaderSize; |
extension_entries_[num_extensions_].type = |
extensions_ ? extensions_->GetType(id) |
: ExtensionManager::kInvalidType; |