From 162a72dd9623ee0f286821563d87719d02f7e023 Mon Sep 17 00:00:00 2001
From: Alessandro Ros <aler9.dev@gmail.com>
Date: Thu, 1 May 2025 16:54:55 +0200
Subject: [PATCH] prevent decoding SDPs without media streams (#769)

---
 pkg/description/session.go                      |  4 ++++
 pkg/description/session_test.go                 | 17 +++++++++++++----
 .../fuzz/FuzzSessionUnmarshal/5838cdfae7b16cde  |  2 ++
 pkg/format/format_test.go                       | 11 +++++++++--
 4 files changed, 28 insertions(+), 6 deletions(-)
 create mode 100644 pkg/description/testdata/fuzz/FuzzSessionUnmarshal/5838cdfae7b16cde

diff --git a/pkg/description/session.go b/pkg/description/session.go
index 4a77f1cd..c65691cb 100644
--- a/pkg/description/session.go
+++ b/pkg/description/session.go
@@ -74,6 +74,10 @@ func (d *Session) Unmarshal(ssd *sdp.SessionDescription) error {
 		d.Title = ""
 	}
 
+	if len(ssd.MediaDescriptions) == 0 {
+		return fmt.Errorf("no media streams are present in SDP")
+	}
+
 	d.Medias = make([]*Media, len(ssd.MediaDescriptions))
 
 	for i, md := range ssd.MediaDescriptions {
diff --git a/pkg/description/session_test.go b/pkg/description/session_test.go
index 6032c40d..27d0188d 100644
--- a/pkg/description/session_test.go
+++ b/pkg/description/session_test.go
@@ -768,12 +768,21 @@ func FuzzSessionUnmarshal(f *testing.F) {
 		"a=rtpmap:101 ulpfec/8000\r\n" +
 		"a=mid:4\r\n")
 
-	f.Fuzz(func(_ *testing.T, enc string) {
+	f.Fuzz(func(t *testing.T, enc string) {
 		var sd sdp.SessionDescription
 		err := sd.Unmarshal([]byte(enc))
-		if err == nil {
-			var desc Session
-			desc.Unmarshal(&sd) //nolint:errcheck
+		if err != nil {
+			return
 		}
+
+		var desc Session
+		err = desc.Unmarshal(&sd)
+		if err != nil {
+			return
+		}
+
+		require.NotZero(t, len(desc.Medias))
+
+		desc.Marshal(false) //nolint:errcheck
 	})
 }
diff --git a/pkg/description/testdata/fuzz/FuzzSessionUnmarshal/5838cdfae7b16cde b/pkg/description/testdata/fuzz/FuzzSessionUnmarshal/5838cdfae7b16cde
new file mode 100644
index 00000000..64c3abaf
--- /dev/null
+++ b/pkg/description/testdata/fuzz/FuzzSessionUnmarshal/5838cdfae7b16cde
@@ -0,0 +1,2 @@
+go test fuzz v1
+string("")
diff --git a/pkg/format/format_test.go b/pkg/format/format_test.go
index e3b1a241..66ae2abe 100644
--- a/pkg/format/format_test.go
+++ b/pkg/format/format_test.go
@@ -1271,8 +1271,15 @@ func FuzzUnmarshal(f *testing.F) {
 		var desc sdp.SessionDescription
 		err := desc.Unmarshal([]byte(in))
 
-		if err == nil && len(desc.MediaDescriptions) == 1 && len(desc.MediaDescriptions[0].MediaName.Formats) == 1 {
-			Unmarshal(desc.MediaDescriptions[0], desc.MediaDescriptions[0].MediaName.Formats[0]) //nolint:errcheck
+		if err == nil && len(desc.MediaDescriptions) >= 1 && len(desc.MediaDescriptions[0].MediaName.Formats) >= 1 {
+			f, err := Unmarshal(desc.MediaDescriptions[0], desc.MediaDescriptions[0].MediaName.Formats[0])
+			if err == nil {
+				f.Codec()
+				f.ClockRate()
+				f.PayloadType()
+				f.RTPMap()
+				f.FMTP()
+			}
 		}
 	})
 }