Fixing heap read overflow when "sctp-port" is in a video description.
The attribute caused an SCTP codec to be added, which was later
reinterpreted as a video codec. We shouldn't add codecs that don't match
the type of the media description.
BUG=chromium:648062
Review-Url: https://codereview.webrtc.org/2354723002
Cr-Original-Commit-Position: refs/heads/master@{#14421}
Cr-Mirrored-From: https://chromium.googlesource.com/external/webrtc
Cr-Mirrored-Commit: 7e146cb97e27644691a8017fe252dfc184c03808
diff --git a/api/webrtcsdp.cc b/api/webrtcsdp.cc
index 7238131..4df4ef8 100644
--- a/api/webrtcsdp.cc
+++ b/api/webrtcsdp.cc
@@ -2651,6 +2651,11 @@
return false;
}
} else if (IsDtlsSctp(protocol) && HasAttribute(line, kAttributeSctpPort)) {
+ if (media_type != cricket::MEDIA_TYPE_DATA) {
+ return ParseFailed(
+ line, "sctp-port attribute found in non-data media description.",
+ error);
+ }
int sctp_port;
if (!ParseSctpPort(line, &sctp_port, error)) {
return false;
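Review bot: The new `media_type != cricket::MEDIA_TYPE_DATA` check guards only the `sctp-port` branch, so the invariant stated in the commit message (a codec must match the type of its media description) is enforced at one attribute handler rather than where the codec is added or later cast. If any other path in this parser can attach an SCTP codec while `IsDtlsSctp(protocol)` is true for a non-data section (not visible in this hunk), it would presumably reach the same over-read, so rejecting a DTLS/SCTP protocol on a non-data m= line up front may be the more robust fix. I would also put a why-comment above the check, e.g. `// An SCTP codec in a non-data description is later reinterpreted as a video codec (heap over-read); reject it.`, and add a unit test that parses a video section carrying `a=sctp-port` and expects a parse failure. The enclosing function starts and ends outside the hunk.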