From f6b4056ca5e125c8e08c0591023c13aae3249a74 Mon Sep 17 00:00:00 2001
From: Ivo Creusen <ivoc@webrtc.org>
Date: Tue, 7 Sep 2021 20:54:24 +0000
Subject: [PATCH] Avoid accessing uninitialized memory when RTCP block fails to
 parse.

The HandleXr method has output arguments that are not set when an RTCP
report cannot be parsed. We should give these a sensible default value
to avoid accessing uninitialized memory

Bug: chromium:1247182
Change-Id: I6c54260aef3834643c41b96c0709489522d82533
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/231237
Commit-Queue: Ivo Creusen <ivoc@webrtc.org>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#34943}
---
 modules/rtp_rtcp/source/rtcp_receiver.cc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/rtp_rtcp/source/rtcp_receiver.cc b/modules/rtp_rtcp/source/rtcp_receiver.cc
index e64b6932ba..47843be810 100644
--- a/modules/rtp_rtcp/source/rtcp_receiver.cc
+++ b/modules/rtp_rtcp/source/rtcp_receiver.cc
@@ -482,14 +482,15 @@ bool RTCPReceiver::ParseCompoundPacket(rtc::ArrayView<const uint8_t> packet,
       case rtcp::Sdes::kPacketType:
         HandleSdes(rtcp_block, packet_information);
         break;
-      case rtcp::ExtendedReports::kPacketType:
-        bool contains_dlrr;
-        uint32_t ssrc;
+      case rtcp::ExtendedReports::kPacketType: {
+        bool contains_dlrr = false;
+        uint32_t ssrc = 0;
         HandleXr(rtcp_block, packet_information, contains_dlrr, ssrc);
         if (contains_dlrr) {
           received_blocks[ssrc].dlrr = true;
         }
         break;
+      }
       case rtcp::Bye::kPacketType:
         HandleBye(rtcp_block);
         break;