Skip to content

Commit 7d2ade7

Browse files
chenosauruschenosaurus
committed
fix max length
1 parent 0579e4f commit 7d2ade7

2 files changed

Lines changed: 21 additions & 17 deletions

File tree

webrtc-sys/include/livekit/packet_trailer.h

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,9 @@ constexpr size_t kTrailerEnvelopeSize = 5;
6262
// TLV tag IDs
6363
constexpr uint8_t kTagTimestampUs = 0x01; // value: 8 bytes big-endian uint64
6464
constexpr uint8_t kTagFrameId = 0x02; // value: 4 bytes big-endian uint32
65-
constexpr uint8_t kTagUserData = 0x03; // value: arbitrary bytes (len <= 255)
65+
constexpr uint8_t kTagUserData = 0x03; // value: arbitrary bytes, bounded
66+
// by the remaining trailer budget
67+
// (255 - fixed TLVs - envelope - 2)
6668

6769
constexpr size_t kTimestampTlvSize = 10; // tag + len + 8-byte value
6870
constexpr size_t kFrameIdTlvSize = 6; // tag + len + 4-byte value

webrtc-sys/src/packet_trailer.cpp

Lines changed: 18 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -246,22 +246,24 @@ std::vector<uint8_t> PacketTrailerTransformer::AppendTrailer(
246246
kTrailerEnvelopeSize;
247247

248248
// user_data is embedded only if it fits the remaining trailer budget.
249-
// The trailer length is a single byte (max 255 total) and the TLV length
250-
// field is also a single byte; oversize user_data is dropped + logged
251-
// rather than truncated, so the frame is never silently corrupted.
252-
bool embed_user_data = false;
253-
if (!user_data.empty()) {
254-
if (user_data.size() <= 255 &&
255-
fixed_len + kUserDataTlvHeaderSize + user_data.size() <=
256-
kPacketTrailerMaxTotal) {
257-
embed_user_data = true;
258-
} else {
259-
RTC_LOG(LS_WARNING)
260-
<< "PacketTrailerTransformer::AppendTrailer dropping user_data: "
261-
<< user_data.size() << " bytes exceeds remaining trailer budget ("
262-
<< (kPacketTrailerMaxTotal - fixed_len - kUserDataTlvHeaderSize)
263-
<< " bytes)";
264-
}
249+
// The whole trailer length is a single byte (255 max), so after the
250+
// always-present timestamp TLV, the optional frame_id TLV, the envelope
251+
// and this TLV's own 2-byte header, the value can never approach 255 --
252+
// the real cap is (255 - fixed_len - 2), at most ~238 bytes. Oversize
253+
// user_data is dropped + logged rather than truncated, so the frame is
254+
// never silently corrupted. (This bound is always < 256, so the 1-byte
255+
// TLV length field below can't overflow.)
256+
const size_t user_data_budget =
257+
kPacketTrailerMaxTotal > fixed_len + kUserDataTlvHeaderSize
258+
? kPacketTrailerMaxTotal - fixed_len - kUserDataTlvHeaderSize
259+
: 0;
260+
const bool embed_user_data =
261+
!user_data.empty() && user_data.size() <= user_data_budget;
262+
if (!user_data.empty() && !embed_user_data) {
263+
RTC_LOG(LS_WARNING)
264+
<< "PacketTrailerTransformer::AppendTrailer dropping user_data: "
265+
<< user_data.size() << " bytes exceeds remaining trailer budget ("
266+
<< user_data_budget << " bytes)";
265267
}
266268

267269
const size_t trailer_len =

0 commit comments

Comments
 (0)