@@ -1935,28 +1935,23 @@ static int whip_write_packet(AVFormatContext *s, AVPacket *pkt)
19351935 */
19361936 if (media_is_rtcp (whip -> buf , ret )) {
19371937 int ptr = 0 ;
1938- while ( ptr + 4 <= ret ) {
1939- uint8_t pt = whip -> buf [ptr + 1 ] ;
1940- uint8_t fmt = ( whip -> buf [ ptr ] & 0x1f );
1938+ uint8_t pt = whip -> buf [ ptr + 1 ];
1939+ uint8_t fmt = ( whip -> buf [ptr ] & 0x1f ) ;
1940+ if ( ptr + 4 <= ret && pt == 205 && fmt == 1 ) {
19411941 /**
19421942 * Refer to RFC 3550, Section 6.4.1.
19431943 * The length of this RTCP packet in 32-bit words minus one,
19441944 * including the header and any padding.
19451945 */
19461946 int len = (AV_RB16 (& whip -> buf [ptr + 2 ]) + 1 ) * 4 ;
1947- if (ptr + len > ret ) break ;
1948-
1949- if (pt == 205 && fmt == 1 && len >= 12 ) { /* PT=RTPFB, FMT=1 */
1950- int i ;
1947+ if (ptr + len < ret && len >= 12 ) {
1948+ int i = 0 ;
19511949 /* SRTCP index(4 bytes) + HMAC (SRTP_AES128_CM_SHA1_80 10bytes) */
19521950 int srtcp_len = len + 4 + 10 ;
19531951 int ret = ff_srtp_decrypt (& whip -> srtp_recv , whip -> buf , & srtcp_len );
1954- if (ret < 0 ) {
1952+ if (ret < 0 )
19551953 av_log (whip , AV_LOG_ERROR , "WHIP: SRTCP decrypt failed: %d\n" , ret );
1956- // packet is invalid or authentication failed
1957- break ;
1958- }
1959- for (i = 0 ; 14 + i <= len ; i = i + 4 ) {
1954+ while (12 + i < len && ret >= 0 ) {
19601955 /**
19611956 * See https://datatracker.ietf.org/doc/html/rfc4585#section-6.1
19621957 * Handle multi NACKs in bundled packet.
@@ -1977,9 +1972,9 @@ static int whip_write_packet(AVFormatContext *s, AVPacket *pkt)
19771972 } else
19781973 av_log (whip , AV_LOG_INFO , "WHIP: NACK packet, seq=%d, blp=%d, not found, the latest packet seq: %d\n" , seq , blp , whip -> history [whip -> hist_head - 1 ].seq );
19791974 }
1975+ i = i + 4 ;
19801976 }
19811977 }
1982- break ;
19831978 }
19841979 }
19851980 } else if (ret != AVERROR (EAGAIN )) {
0 commit comments