Re: [Live-devel] [Security Issue][liblivemedia] stack buffer overflow in liblivemedia

2020-07-08 Thread Ross Finlayson
Xiaobo, Many thanks for reporting this. The problem was not the call to “sscanf()” (because the buffer being read into is guaranteed to be large enough), but the subsequent call to “sprintf()” (using a fixed buffer size of 100). I have now installed a new version (2020.07.09) of the “LIVE555 S

[Live-devel] [Security Issue][liblivemedia] stack buffer overflow in liblivemedia

2020-07-08 Thread 向小波
[summary] In the latest version of live555 mediaserver, there is a stack-based buffer overflow vulnerability when parsing the 'PLAY' command. An attacker is able to send a sequence of malformed RTSP packets to trigger this issue. In the worst case, the media server running this service can be exploite

Re: [Live-devel] waiting for SPS/PPS

2020-07-08 Thread Ross Finlayson
> On Jul 9, 2020, at 7:02 AM, Matthew Czarnek wrote: > > It does seem like a good idea to be setting "profile-level-id" I could > definitely see us using it.. is there an easy way to set that? Once again, the “profile-level-id” comes automatically from the SPS NAL unit, so you don’t need to

Re: [Live-devel] new to Live555, seeking info and advice

2020-07-08 Thread Blake Senftner
Thank you Ross, your information and the additional info from Camille Aimez is the ticket to my needs. Been running stress tests with a looping variant of the Live555MediaServer, and am seriously impressed by Live555 all over again. Blake Senftner Sr. Software Scientist | CyberExtruder bsenft

Re: [Live-devel] new to Live555, seeking info and advice

2020-07-08 Thread Blake Senftner
Thank you for the quick replies, Ross & Mathew. >> Q1: Does anyone know of or have their own Live555 tutorial, blog or related >> resource to learn this code base better? Any books? > >No. As described in our FAQ (which everyone is asked to read before posting >to the mailing list :-), all

Re: [Live-devel] waiting for SPS/PPS

2020-07-08 Thread Matthew Czarnek
Thanks Ross, whoops, it was indeed my variable.. that's what I get for naming it similar to how you name your variables :) I didn't make any changes to that part of the code that parses the sprop, then passes it into H264VideoRTPSink, so I'm not sure why that was happening and it's weird that it s

Re: [Live-devel] new to Live555, seeking info and advice

2020-07-08 Thread Matthew Czarnek
Personally, though I haven't found wonderful thorough compiled documentation (would be nice), Ross is extremely good at supporting the project and I have been able to find answers to most problems I've encountered by searching Google and finding a similar question Ross has answered for someone else OR se

Re: [Live-devel] new to Live555, seeking info and advice

2020-07-08 Thread Ross Finlayson
> On Jul 9, 2020, at 1:20 AM, Blake Senftner > wrote: > > Q1: Does anyone know of or have their own Live555 tutorial, blog or related > resource to learn this code base better? Any books? No. As described in our FAQ (which everyone is asked to read before posting to the mailing list :-),

[Live-devel] new to Live555, seeking info and advice

2020-07-08 Thread Blake Senftner
Hello Live-Devel, First off, I am extremely impressed by what I find in the Live555 source code. Fantastic job and a standing ovation to the responsible. I am an experienced C/C++ developer new to the Live555 code base. I work at a video security software company as a senior developer. Having