authorMatthias P. Braendli <matthias.braendli@mpb.li>2018-03-01 17:56:10 +0100
committerMatthias P. Braendli <matthias.braendli@mpb.li>2018-03-01 17:56:10 +0100
commita26e93760f4e1d73191be2dfb3ba99a567032c1d (patch)
treed605af8332fcbaace143199b46f1c32da64e89b9
parent170f13dd81858eb0a31ac0093b0f5d4ff471f40e (diff)
downloaddabmux-a26e93760f4e1d73191be2dfb3ba99a567032c1d.tar.gz
dabmux-a26e93760f4e1d73191be2dfb3ba99a567032c1d.tar.bz2
dabmux-a26e93760f4e1d73191be2dfb3ba99a567032c1d.zip
Check for ZMQ message size before dereferencing frame
-rw-r--r--src/input/Zmq.cpp8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/input/Zmq.cpp b/src/input/Zmq.cpp
index 1ba994e..1dd49af 100644
--- a/src/input/Zmq.cpp
+++ b/src/input/Zmq.cpp
@@ -2,7 +2,7 @@
Copyright (C) 2009 Her Majesty the Queen in Right of Canada (Communications
Research Center Canada)
- Copyright (C) 2017 Matthias P. Braendli
+ Copyright (C) 2018 Matthias P. Braendli
http://www.opendigitalradio.org
ZeroMQ input. see www.zeromq.org for more info
@@ -360,7 +360,8 @@ int ZmqMPEG::readFromSocket(size_t framesize)
/* Look for the new zmq_frame_header_t format */
zmq_frame_header_t* frame = (zmq_frame_header_t*)msg.data();
- if (msg.size() == ZMQ_FRAME_SIZE(frame) and
+ if ( msg.size() >= sizeof(zmq_frame_header_t) and
+ msg.size() == ZMQ_FRAME_SIZE(frame) and
frame->version == 1 and
frame->encoder == ZMQ_ENCODER_TOOLAME) {
datalen = frame->datasize;
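Review bot: The added `msg.size() >= sizeof(zmq_frame_header_t)` test in ZmqMPEG::readFromSocket only protects the header read because `and` short-circuits before `ZMQ_FRAME_SIZE(frame)` is evaluated, and nothing in the code records that the order is load-bearing. A comment above the condition such as `// Length test must stay first: ZMQ_FRAME_SIZE() and the field tests below read the header` would keep a later reordering from reintroducing the out-of-bounds read. The identical condition is repeated in the ZmqAAC::readFromSocket hunk, differing only in the encoder constant, so a small file-local helper taking the message and the expected encoder would keep the two validations from drifting apart. The function body continues outside the hunk, so whether `datalen` is later bounded against `framesize` and the destination buffer cannot be confirmed from here; that is worth checking, since `frame->datasize` comes straight from the network message.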
@@ -429,7 +430,8 @@ int ZmqAAC::readFromSocket(size_t framesize)
/* Look for the new zmq_frame_header_t format */
zmq_frame_header_t* frame = (zmq_frame_header_t*)msg.data();
- if (msg.size() == ZMQ_FRAME_SIZE(frame) and
+ if ( msg.size() >= sizeof(zmq_frame_header_t) and
+ msg.size() == ZMQ_FRAME_SIZE(frame) and
frame->version == 1 and
frame->encoder == ZMQ_ENCODER_FDK) {
datalen = frame->datasize;