diff options
author | Roger Zanoni <rzanoni@google.com> | 2022-07-04 08:25:03 +0000 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2022-07-25 14:24:35 +0000 |
commit | 1c2293d656b2c6fe822f8575f430abcfadd40b4a (patch) | |
tree | 3dc9e5436deb1e2112728ce4318d3a914192f87f | |
parent | 1461ea96319c7ed5eb5323ba17749b57a6825832 (diff) | |
download | qtwebengine-chromium-1c2293d656b2c6fe822f8575f430abcfadd40b4a.tar.gz |
[Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (1/2)
Cherry-pick of patch originally reviewed on
https://webrtc-review.googlesource.com/c/src/+/267281:
Do not allow simulcast to be turned off using SDP munging
This is an error that puts the PC into an inconsistent state, so
causing a crash is the right thing to do.
Bug: chromium:1341043
Change-Id: Ie1eb89400ad87f0c83634b7073236b07e92ec7ab
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#37391}
(cherry picked from commit 3fe8b0d9a980642ee5ebb1f9e429378b063c1f07)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/third_party/webrtc/pc/rtp_sender.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/chromium/third_party/webrtc/pc/rtp_sender.cc b/chromium/third_party/webrtc/pc/rtp_sender.cc index d4286371be9..6b4fa3c039d 100644 --- a/chromium/third_party/webrtc/pc/rtp_sender.cc +++ b/chromium/third_party/webrtc/pc/rtp_sender.cc @@ -291,8 +291,8 @@ void RtpSenderBase::SetSsrc(uint32_t ssrc) { // we need to copy. RtpParameters current_parameters = media_channel_->GetRtpSendParameters(ssrc_); - RTC_DCHECK_GE(current_parameters.encodings.size(), - init_parameters_.encodings.size()); + RTC_CHECK_GE(current_parameters.encodings.size(), + init_parameters_.encodings.size()); for (size_t i = 0; i < init_parameters_.encodings.size(); ++i) { init_parameters_.encodings[i].ssrc = current_parameters.encodings[i].ssrc; |