Mercurial > libavformat.hg
comparison rtsp.c @ 706:fc254f396f15 libavformat
buffer overflow in sdp_probe() fix by (Gildas Bazin )gbazin altern org)
| author | michael |
|---|---|
| date | Wed, 16 Mar 2005 19:06:34 +0000 |
| parents | fe24632a577b |
| children | 820863425158 |
comparison
equal
deleted
inserted
replaced
| 705:594a9b0cacf5 | 706:fc254f396f15 |
|---|---|
| 1172 .read_pause = rtsp_read_pause, | 1172 .read_pause = rtsp_read_pause, |
| 1173 }; | 1173 }; |
| 1174 | 1174 |
| 1175 static int sdp_probe(AVProbeData *p1) | 1175 static int sdp_probe(AVProbeData *p1) |
| 1176 { | 1176 { |
| 1177 const char *p; | 1177 const char *p = p1->buf, *p_end = p1->buf + p1->buf_size; |
| 1178 | 1178 |
| 1179 /* we look for a line beginning "c=IN IP4" */ | 1179 /* we look for a line beginning "c=IN IP4" */ |
| 1180 p = p1->buf; | 1180 while (p < p_end && *p != '\0') { |
| 1181 while (*p != '\0') { | 1181 if (p + sizeof("c=IN IP4") - 1 < p_end && strstart(p, "c=IN IP4", NULL)) |
| 1182 if (strstart(p, "c=IN IP4", NULL)) | |
| 1183 return AVPROBE_SCORE_MAX / 2; | 1182 return AVPROBE_SCORE_MAX / 2; |
| 1184 p = strchr(p, '\n'); | 1183 |
| 1185 if (!p) | 1184 while(p < p_end - 1 && *p != '\n') p++; |
| 1186 break; | 1185 if (++p >= p_end) |
| 1187 p++; | 1186 break; |
| 1188 if (*p == '\r') | 1187 if (*p == '\r') |
| 1189 p++; | 1188 p++; |
| 1190 } | 1189 } |
| 1191 return 0; | 1190 return 0; |
| 1192 } | 1191 } |