Fixing heap read overflow when "sctp-port" is in a video description. This added an SCTP codec, which is later re-interpreted as a video codec. We shouldn't be adding codecs that don't match the type of the media description. BUG=chromium:648062 Review-Url: https://codereview.webrtc.org/2354723002 Cr-Commit-Position: refs/heads/master@{#14421}

commit: 7e146cb97e27644691a8017fe252dfc184c03808 [log] [tgz]
author: deadbeef <deadbeef@webrtc.org> Wed Sep 28 10:04:34 2016 -0700
committer: Commit bot <commit-bot@chromium.org> Wed Sep 28 17:04:41 2016 +0000
tree: 67563e567146fa94100209df1480a66d9c84a782
parent: 478681e1e6e6c5d66366672614d58b10ad7df083 [diff] [blame]
diff --git a/webrtc/api/webrtcsdp.cc b/webrtc/api/webrtcsdp.cc
index 7238131..4df4ef8 100644
--- a/webrtc/api/webrtcsdp.cc
+++ b/webrtc/api/webrtcsdp.cc

@@ -2651,6 +2651,11 @@
         return false;
       }
     } else if (IsDtlsSctp(protocol) && HasAttribute(line, kAttributeSctpPort)) {
+      if (media_type != cricket::MEDIA_TYPE_DATA) {
+        return ParseFailed(
+            line, "sctp-port attribute found in non-data media description.",
+            error);
+      }
       int sctp_port;
       if (!ParseSctpPort(line, &sctp_port, error)) {
         return false;
commit	7e146cb97e27644691a8017fe252dfc184c03808	[log] [tgz]
author	deadbeef <deadbeef@webrtc.org>	Wed Sep 28 10:04:34 2016 -0700
committer	Commit bot <commit-bot@chromium.org>	Wed Sep 28 17:04:41 2016 +0000
tree	67563e567146fa94100209df1480a66d9c84a782
parent	478681e1e6e6c5d66366672614d58b10ad7df083 [diff] [blame]