[vlc-commits] [Git][videolan/vlc][master] 7 commits: access: amt: group b_is_fragmented check
Steve Lhomme (@robUx4)
gitlab at videolan.org
Tue Apr 28 06:55:05 UTC 2026
Steve Lhomme pushed to branch master at VideoLAN / VLC
Commits:
762f1295 by Steve Lhomme at 2026-04-28T06:13:16+00:00
access: amt: group b_is_fragmented check
No functional changes
- - - - -
7eb6f53c by Steve Lhomme at 2026-04-28T06:13:16+00:00
access: amt: factorize payload_len subtraction when fragment_id is not 0
- - - - -
e805e6c4 by Steve Lhomme at 2026-04-28T06:13:16+00:00
demux: amt: check the payload len is big enough
Otherwise generate an error like when len < tunnel + 8.
Fixes #29805
- - - - -
ab8bbedd by Steve Lhomme at 2026-04-28T06:13:16+00:00
demux: amt: fix indentation
- - - - -
97282df8 by Steve Lhomme at 2026-04-28T06:13:16+00:00
demux: amt: check the non-fragmented payload can be shifted
- - - - -
87402893 by Steve Lhomme at 2026-04-28T06:13:16+00:00
demux: amt: use const for the fixed tunnel length
- - - - -
7d73d0a1 by Steve Lhomme at 2026-04-28T06:13:16+00:00
access: amt: receive the amount allocated for the block
- - - - -
1 changed file:
- modules/access/amt.c
Changes:
=====================================
modules/access/amt.c
=====================================
@@ -660,7 +660,7 @@ static block_t *BlockAMT(stream_t *p_access, bool *restrict eof)
{
access_sys_t *sys = p_access->p_sys;
ssize_t len = 0, shift = 0;
- int tunnel = UDP_HDR_LEN + AMT_HDR_LEN + (sys->mcastGroupAddr.sin.sin_family == AF_INET ? IP_HDR_LEN : IPv6_FIXED_HDR_LEN );
+ const int tunnel = UDP_HDR_LEN + AMT_HDR_LEN + (sys->mcastGroupAddr.sin.sin_family == AF_INET ? IP_HDR_LEN : IPv6_FIXED_HDR_LEN );
/* Allocate anticipated MTU buffer for holding the UDP packet suitable for native or AMT tunneled multicast */
block_t *pkt = block_Alloc( sys->mtu + tunnel );
@@ -701,7 +701,7 @@ static block_t *BlockAMT(stream_t *p_access, bool *restrict eof)
{
/* AMT is a wrapper for UDP streams, so recv is used. */
- len = recv( sys->sAMT, pkt->p_buffer, sys->mtu + tunnel, 0 );
+ len = recv( sys->sAMT, pkt->p_buffer, pkt->i_buffer, 0 );
/* Check for the integrity of the received AMT packet */
if( len < tunnel || *(pkt->p_buffer) != AMT_MULT_DATA )
@@ -737,48 +737,57 @@ static block_t *BlockAMT(stream_t *p_access, bool *restrict eof)
/* we can probably survive this (provided there is no fragmentation) since we calculate the length as the difference between the length of the received data and the length listed in the ip header */
}
- if ( b_is_fragmented && len < tunnel + 8 )
+ if ( b_is_fragmented )
{
- msg_Err(p_access, "Received length of data %zd is smaller than minimum length for an ip header + fragmentation header (%d)",len, tunnel + 8);
- goto error;
- }
-
- uint32_t tmp = 0;
- memcpy(&tmp,&pkt->p_buffer[AMT_HDR_LEN + IPv6_FIXED_HDR_LEN + 4],4);
- if ( b_is_fragmented && !fragment_id )
- {
- /* this is the start of a fragment, payload len in the ipv6 header will be wrong */
- payload_len = len - (tunnel + 8);
-
- fragment_id = tmp;
-
- i_next_hdr = pkt->p_buffer[AMT_HDR_LEN + IPv6_FIXED_HDR_LEN];
- if ( i_next_hdr != 17 )
+ if ( len < tunnel + 8 )
{
- msg_Err(p_access, "Received unexpected next header in ipv6 fragment header: next header = %d",i_next_hdr);
- goto error; /* here we actually need to be sure the next header is UDP othewrise we cant know the payload length */
+ msg_Err(p_access, "Received length of data %zd is smaller than minimum length for an ip header + fragmentation header (%d)",len, tunnel + 8);
+ goto error;
}
- msg_Dbg(p_access, "Start of new fragment, id is 0x%x (NETWORK BYTE ORDER) , first fragment's length is %u (%zd total - %d tunnel size) (mtu is %zd)",fragment_id, payload_len,len,tunnel,sys->mtu);
- }
- else if ( b_is_fragmented && fragment_id != tmp )
- {
- msg_Warn(p_access, "Received fragment id does not match last seen fragment id : 0x%x expected vs 0x%x received",fragment_id,tmp);
- payload_len -= 8; /* still try to receive it */
- }
- else if ( b_is_fragmented )
- {
- /* this is a subsequent fragment, the payload len in the ipv6 header is right, just need to subtract fragmentation header length */
- payload_len -= 8;
- }
+ uint32_t tmp = 0;
+ memcpy(&tmp,&pkt->p_buffer[AMT_HDR_LEN + IPv6_FIXED_HDR_LEN + 4],4);
+ if ( !fragment_id )
+ {
+ /* this is the start of a fragment, payload len in the ipv6 header will be wrong */
+ payload_len = len - (tunnel + 8);
- if ( b_is_fragmented && (pkt->p_buffer[AMT_HDR_LEN + IPv6_FIXED_HDR_LEN + 3] & 1) == 0 )
- {
- fragment_id = 0; /* no more fragments */
- }
+ fragment_id = tmp;
+ i_next_hdr = pkt->p_buffer[AMT_HDR_LEN + IPv6_FIXED_HDR_LEN];
+ if ( i_next_hdr != 17 )
+ {
+ msg_Err(p_access, "Received unexpected next header in ipv6 fragment header: next header = %d",i_next_hdr);
+ goto error; /* here we actually need to be sure the next header is UDP othewrise we cant know the payload length */
+ }
+ msg_Dbg(p_access, "Start of new fragment, id is 0x%x (NETWORK BYTE ORDER) , first fragment's length is %u (%zd total - %d tunnel size) (mtu is %zd)",fragment_id, payload_len,len,tunnel,sys->mtu);
+ }
+ else
+ {
+ if ( payload_len < 8 )
+ {
+ msg_Err(p_access, "Received length of fragmented data %" PRIu16 " is smaller than 8",payload_len);
+ goto error;
+ }
+ payload_len -= 8;
+
+ if ( fragment_id != tmp )
+ {
+ msg_Warn(p_access, "Received fragment id does not match last seen fragment id : 0x%x expected vs 0x%x received",fragment_id,tmp);
+ /* still try to receive it */
+ }
+ else
+ {
+ /* this is a subsequent fragment, the payload len in the ipv6 header is right, just need to subtract fragmentation header length */
+ }
+ }
+ if ( (pkt->p_buffer[AMT_HDR_LEN + IPv6_FIXED_HDR_LEN + 3] & 1) == 0 )
+ {
+ fragment_id = 0; /* no more fragments */
+ }
+ }
}
else
{
@@ -789,6 +798,11 @@ static block_t *BlockAMT(stream_t *p_access, bool *restrict eof)
/* if its fragmented, payload_len will be set correctly before we get here */
if ( !b_is_fragmented )
{
+ if ( payload_len < UDP_HDR_LEN )
+ {
+ msg_Err(p_access, "Non-fragmented payload too small");
+ goto error;
+ }
payload_len -= UDP_HDR_LEN;
}
@@ -816,7 +830,7 @@ static block_t *BlockAMT(stream_t *p_access, bool *restrict eof)
/* Otherwise pull native multicast */
struct sockaddr temp;
socklen_t temp_size = sizeof( struct sockaddr );
- len = recvfrom( sys->fd, (char *)pkt->p_buffer, sys->mtu + tunnel, 0, &temp, &temp_size );
+ len = recvfrom( sys->fd, (char *)pkt->p_buffer, pkt->i_buffer, 0, &temp, &temp_size );
if ( len <= 0 )
{
msg_Err(p_access, "recv() call failed: %zd was returned", len);
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/fba710fac6f73440ed14a5480ae500f0282c6b87...7d73d0a102a345625c9709df60c109703b2dc31d
--
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/fba710fac6f73440ed14a5480ae500f0282c6b87...7d73d0a102a345625c9709df60c109703b2dc31d
You're receiving this email because of your account on code.videolan.org.
More information about the vlc-commits
mailing list