From e40b437401966fe06b0c4d5430c35e4494675c90 Mon Sep 17 00:00:00 2001
From: Danil Chapovalov <danilchap@webrtc.org>
Date: Mon, 2 Jul 2018 11:03:06 +0200
Subject: [PATCH] Discard frame self-dependency when parsing genric frame
 descriptor

Bug: chromium:859281
Change-Id: Ieb96f633a93f4f2e498bb1949339e239184bce9d
Reviewed-on: https://webrtc-review.googlesource.com/86545
Reviewed-by: Philip Eliasson <philipel@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23817}
---
 .../source/rtp_generic_frame_descriptor.cc         |   2 ++
 test/fuzzers/corpora/rtp-corpus/rtp-7              | Bin 0 -> 58 bytes
 2 files changed, 2 insertions(+)
 create mode 100644 test/fuzzers/corpora/rtp-corpus/rtp-7

diff --git a/modules/rtp_rtcp/source/rtp_generic_frame_descriptor.cc b/modules/rtp_rtcp/source/rtp_generic_frame_descriptor.cc
index ab70b0da77..080cac7a8d 100644
--- a/modules/rtp_rtcp/source/rtp_generic_frame_descriptor.cc
+++ b/modules/rtp_rtcp/source/rtp_generic_frame_descriptor.cc
@@ -60,6 +60,8 @@ bool RtpGenericFrameDescriptor::AddFrameDependencyDiff(uint16_t fdiff) {
   RTC_DCHECK(FirstPacketInSubFrame());
   if (num_frame_deps_ == kMaxNumFrameDependencies)
     return false;
+  if (fdiff == 0)
+    return false;
   RTC_DCHECK_LT(fdiff, 1 << 14);
   RTC_DCHECK_GT(fdiff, 0);
   frame_deps_id_diffs_[num_frame_deps_] = fdiff;
diff --git a/test/fuzzers/corpora/rtp-corpus/rtp-7 b/test/fuzzers/corpora/rtp-corpus/rtp-7
new file mode 100644
index 0000000000000000000000000000000000000000..6c4a9feb5242943c0fe8c8a5b9c872e3dafeacd2
GIT binary patch
literal 58
ucmexgFrgqW#nDMcD@IE(W8Xant_C2;2N56uW=v>oINAZ^Fmf><i2(rK`5Auz

literal 0
HcmV?d00001