RTPFragmentationHeader::VerifyAndAllocateFragmentationHeader: Verify that size fits in 16 bits
This CL change the function declaration from uint16_t to size_t, and CHECKs that the size fits in uint16_t before proceeding. BUG=484432 R=tommi@webrtc.org Committed: https://crrev.com/10022cdeae785187e1d4329042b4ed294c393a16 Cr-Commit-Position: refs/heads/master@{#9246} Review URL: https://webrtc-codereview.appspot.com/47229004 Cr-Commit-Position: refs/heads/master@{#9253}
This commit is contained in:
parent
36a1438a66
commit
a3ba0c7f5a
@ -15,6 +15,7 @@
|
||||
#include <string.h> // memcpy
|
||||
|
||||
#include <algorithm>
|
||||
#include <limits>
|
||||
|
||||
#include "webrtc/base/constructormagic.h"
|
||||
#include "webrtc/common_types.h"
|
||||
@ -193,15 +194,17 @@ class RTPFragmentationHeader {
|
||||
}
|
||||
}
|
||||
|
||||
void VerifyAndAllocateFragmentationHeader(const uint16_t size) {
|
||||
if (fragmentationVectorSize < size) {
|
||||
void VerifyAndAllocateFragmentationHeader(const size_t size) {
|
||||
assert(size <= std::numeric_limits<uint16_t>::max());
|
||||
const uint16_t size16 = static_cast<uint16_t>(size);
|
||||
if (fragmentationVectorSize < size16) {
|
||||
uint16_t oldVectorSize = fragmentationVectorSize;
|
||||
{
|
||||
// offset
|
||||
size_t* oldOffsets = fragmentationOffset;
|
||||
fragmentationOffset = new size_t[size];
|
||||
fragmentationOffset = new size_t[size16];
|
||||
memset(fragmentationOffset + oldVectorSize, 0,
|
||||
sizeof(size_t) * (size - oldVectorSize));
|
||||
sizeof(size_t) * (size16 - oldVectorSize));
|
||||
// copy old values
|
||||
memcpy(fragmentationOffset, oldOffsets,
|
||||
sizeof(size_t) * oldVectorSize);
|
||||
@ -210,9 +213,9 @@ class RTPFragmentationHeader {
|
||||
// length
|
||||
{
|
||||
size_t* oldLengths = fragmentationLength;
|
||||
fragmentationLength = new size_t[size];
|
||||
fragmentationLength = new size_t[size16];
|
||||
memset(fragmentationLength + oldVectorSize, 0,
|
||||
sizeof(size_t) * (size - oldVectorSize));
|
||||
sizeof(size_t) * (size16 - oldVectorSize));
|
||||
memcpy(fragmentationLength, oldLengths,
|
||||
sizeof(size_t) * oldVectorSize);
|
||||
delete[] oldLengths;
|
||||
@ -220,9 +223,9 @@ class RTPFragmentationHeader {
|
||||
// time diff
|
||||
{
|
||||
uint16_t* oldTimeDiffs = fragmentationTimeDiff;
|
||||
fragmentationTimeDiff = new uint16_t[size];
|
||||
fragmentationTimeDiff = new uint16_t[size16];
|
||||
memset(fragmentationTimeDiff + oldVectorSize, 0,
|
||||
sizeof(uint16_t) * (size - oldVectorSize));
|
||||
sizeof(uint16_t) * (size16 - oldVectorSize));
|
||||
memcpy(fragmentationTimeDiff, oldTimeDiffs,
|
||||
sizeof(uint16_t) * oldVectorSize);
|
||||
delete[] oldTimeDiffs;
|
||||
@ -230,14 +233,14 @@ class RTPFragmentationHeader {
|
||||
// payload type
|
||||
{
|
||||
uint8_t* oldTimePlTypes = fragmentationPlType;
|
||||
fragmentationPlType = new uint8_t[size];
|
||||
fragmentationPlType = new uint8_t[size16];
|
||||
memset(fragmentationPlType + oldVectorSize, 0,
|
||||
sizeof(uint8_t) * (size - oldVectorSize));
|
||||
sizeof(uint8_t) * (size16 - oldVectorSize));
|
||||
memcpy(fragmentationPlType, oldTimePlTypes,
|
||||
sizeof(uint8_t) * oldVectorSize);
|
||||
delete[] oldTimePlTypes;
|
||||
}
|
||||
fragmentationVectorSize = size;
|
||||
fragmentationVectorSize = size16;
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user