[SCM] libav/experimental: rtmpproto: Check the buffer sizes when copying app/playpath strings
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Aug 10 16:03:05 UTC 2014
The following commit has been merged in the experimental branch:
commit 0bacfa8d37710b904897e7cbeb8d6f96fbf75e2e
Author: Martin Storsjö <martin at martin.st>
Date: Thu May 8 15:12:23 2014 +0300
rtmpproto: Check the buffer sizes when copying app/playpath strings
As pointed out by Reimar Döffinger.
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index 2962737..0cc702a 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -2484,12 +2484,13 @@ reconnect:
if (qmark && strstr(qmark, "slist=")) {
char* amp;
// After slist we have the playpath, before the params, the app
- av_strlcpy(rt->app, path + 1, qmark - path);
+ av_strlcpy(rt->app, path + 1, FFMIN(qmark - path, APP_MAX_LENGTH));
fname = strstr(path, "slist=") + 6;
// Strip any further query parameters from fname
amp = strchr(fname, '&');
if (amp) {
- av_strlcpy(fname_buffer, fname, amp - fname + 1);
+ av_strlcpy(fname_buffer, fname, FFMIN(amp - fname + 1,
+ sizeof(fname_buffer)));
fname = fname_buffer;
}
} else if (!strncmp(path, "/ondemand/", 10)) {
@@ -2507,10 +2508,10 @@ reconnect:
fname = strchr(p + 1, '/');
if (!fname || (c && c < fname)) {
fname = p + 1;
- av_strlcpy(rt->app, path + 1, p - path);
+ av_strlcpy(rt->app, path + 1, FFMIN(p - path, APP_MAX_LENGTH));
} else {
fname++;
- av_strlcpy(rt->app, path + 1, fname - path - 1);
+ av_strlcpy(rt->app, path + 1, FFMIN(fname - path - 1, APP_MAX_LENGTH));
}
}
}
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list