From dff1690fe1fe603056ce9b6019f7c52063053f36 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Tue, 15 Oct 2024 23:00:16 -0500
Subject: [PATCH] Validate channel count before parsing Opus param string

---
 src/RtspConnection.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/RtspConnection.c b/src/RtspConnection.c
index 60d5bf4..6f2a183 100644
--- a/src/RtspConnection.c
+++ b/src/RtspConnection.c
@@ -664,6 +664,11 @@ static bool sendVideoAnnounce(PRTSP_MESSAGE response, int* error) {
 static int parseOpusConfigFromParamString(char* paramStr, int channelCount, POPUS_MULTISTREAM_CONFIGURATION opusConfig) {
     int i;
 
+    if (channelCount > AUDIO_CONFIGURATION_MAX_CHANNEL_COUNT) {
+        Limelog("Invalid channel count: %d\n", channelCount);
+        return -1;
+    }
+
     // Set channel count (included in the prefix, so not parsed below)
     opusConfig->channelCount = channelCount;
 
@@ -760,6 +765,7 @@ static int parseOpusConfigurations(PRTSP_MESSAGE response) {
             // Parse the normal quality Opus config
             err = parseOpusConfigFromParamString(paramStart, channelCount, &NormalQualityOpusConfig);
             if (err != 0) {
+                LC_ASSERT(err == 0);
                 return err;
             }
 
@@ -788,6 +794,7 @@ static int parseOpusConfigurations(PRTSP_MESSAGE response) {
                 // Parse the high quality Opus config
                 err = parseOpusConfigFromParamString(paramStart, channelCount, &HighQualityOpusConfig);
                 if (err != 0) {
+                    LC_ASSERT(err == 0);
                     return err;
                 }