diff options
author | Matthias P. Braendli <matthias.braendli@mpb.li> | 2018-03-01 17:56:10 +0100 |
---|---|---|
committer | Matthias P. Braendli <matthias.braendli@mpb.li> | 2018-03-01 17:56:10 +0100 |
commit | a26e93760f4e1d73191be2dfb3ba99a567032c1d (patch) | |
tree | d605af8332fcbaace143199b46f1c32da64e89b9 /src/input | |
parent | 170f13dd81858eb0a31ac0093b0f5d4ff471f40e (diff) | |
download | dabmux-a26e93760f4e1d73191be2dfb3ba99a567032c1d.tar.gz dabmux-a26e93760f4e1d73191be2dfb3ba99a567032c1d.tar.bz2 dabmux-a26e93760f4e1d73191be2dfb3ba99a567032c1d.zip |
Check for ZMQ message size before dereferencing frame
Diffstat (limited to 'src/input')
-rw-r--r-- | src/input/Zmq.cpp | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/input/Zmq.cpp b/src/input/Zmq.cpp index 1ba994e..1dd49af 100644 --- a/src/input/Zmq.cpp +++ b/src/input/Zmq.cpp @@ -2,7 +2,7 @@ Copyright (C) 2009 Her Majesty the Queen in Right of Canada (Communications Research Center Canada) - Copyright (C) 2017 Matthias P. Braendli + Copyright (C) 2018 Matthias P. Braendli http://www.opendigitalradio.org ZeroMQ input. see www.zeromq.org for more info @@ -360,7 +360,8 @@ int ZmqMPEG::readFromSocket(size_t framesize) /* Look for the new zmq_frame_header_t format */ zmq_frame_header_t* frame = (zmq_frame_header_t*)msg.data(); - if (msg.size() == ZMQ_FRAME_SIZE(frame) and + if ( msg.size() >= sizeof(zmq_frame_header_t) and + msg.size() == ZMQ_FRAME_SIZE(frame) and frame->version == 1 and frame->encoder == ZMQ_ENCODER_TOOLAME) { datalen = frame->datasize; @@ -429,7 +430,8 @@ int ZmqAAC::readFromSocket(size_t framesize) /* Look for the new zmq_frame_header_t format */ zmq_frame_header_t* frame = (zmq_frame_header_t*)msg.data(); - if (msg.size() == ZMQ_FRAME_SIZE(frame) and + if ( msg.size() >= sizeof(zmq_frame_header_t) and + msg.size() == ZMQ_FRAME_SIZE(frame) and frame->version == 1 and frame->encoder == ZMQ_ENCODER_FDK) { datalen = frame->datasize; |