From 058ff2c047948952e52e4c0e65fbb03e48bc4502 Mon Sep 17 00:00:00 2001
From: Eugen Biegler
Date: Fri, 7 Dec 2018 09:27:04 +0100
Subject: [PATCH] Fix bug found by fuzzer

---
 protos/fuzz.go | 18 ++++++++++++++++++
 protos/rtcp.go | 2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 protos/fuzz.go

diff --git a/protos/fuzz.go b/protos/fuzz.go
new file mode 100644
index 0000000..03b2bde
--- /dev/null
+++ b/protos/fuzz.go
@@ -0,0 +1,18 @@
+// +build gofuzz
+
+package protos
+
+// To run the fuzzer, first download go-fuzz:
+// go get github.com/dvyukov/go-fuzz/...
+//
+// Then build the testing package:
+// go-fuzz-build github.com/negbie/heplify/protos
+//
+// And run the fuzzer
+//
+// go-fuzz -bin=fuzz-protos.zip -workdir=workdir
+
+func Fuzz(data []byte) int {
+	ParseRTCP(data)
+	return 0
+}
diff --git a/protos/rtcp.go b/protos/rtcp.go
index cafd53d..cca46ee 100644
--- a/protos/rtcp.go
+++ b/protos/rtcp.go
@@ -197,7 +197,7 @@ func ParseRTCP(data []byte) (ssrcBytes []byte, rtcpPkt []byte, infoMsg string) {
 	offset := 0
 	for dataLen > 0 {
-		if dataLen < 4 || dataLen > 576 || offset >= len(data) {
+		if dataLen < 4 || dataLen > 768 || offset > len(data)-4 {
 			infoMsg = fmt.Sprintf("Fishy RTCP dataLen=%d, offset=%d in packet:\n% X", dataLen, offset, data)
 			break
 		}
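Review bot: Fuzz discards all three results of ParseRTCP and always returns 0, so go-fuzz learns nothing beyond crashes and cannot prioritise inputs the parser accepts. The go-fuzz convention is to return 1 for inputs worth keeping in the corpus, e.g. `_, _, infoMsg := ParseRTCP(data)` followed by `if infoMsg == "" { return 1 }` (the signature is taken from the second hunk's header). A cheap invariant check on the returned slices, such as panicking when `len(rtcpPkt) > len(data)`, would also turn a silent mis-parse into a reportable finding instead of relying on an out-of-range panic inside the parser. The build-constraint form `// +build gofuzz` is fine for the 2018 toolchain this targets; newer Go also wants a `//go:build` line.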
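Review bot: The new guard `offset > len(data)-4` and the raised cap `768` are unexplained magic numbers, and the commit message does not say which fuzzer finding they address, so the next reader cannot tell why 576 was wrong or why 4 bytes is enough. Name the header size and record the intent, e.g. `const rtcpHeaderLen = 4 // fixed RTCP header read at data[offset:offset+4]` and `offset > len(data)-rtcpHeaderLen`, with a one-line comment on why 768 bounds dataLen. This check only proves the fixed header is readable at offset; if the per-packet length taken from that header is later used to slice data, it presumably needs its own comparison against `len(data)-offset`, which I cannot confirm from this hunk. ParseRTCP starts and ends outside the hunk.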