# HG changeset patch
# User michael
# Date 1110999994 0
# Node ID fc254f396f1551678c24edf71b9a1e2a200e27c7
# Parent  594a9b0cacf55daa0033f2de1326603203482b72
buffer overflow in sdp_probe() fix by (Gildas Bazin )gbazin altern org)

diff -r 594a9b0cacf5 -r fc254f396f15 rtsp.c
--- a/rtsp.c	Wed Mar 16 13:26:52 2005 +0000
+++ b/rtsp.c	Wed Mar 16 19:06:34 2005 +0000
@@ -1174,17 +1174,16 @@
 
 static int sdp_probe(AVProbeData *p1)
 {
-    const char *p;
+    const char *p = p1->buf, *p_end = p1->buf + p1->buf_size;
 
     /* we look for a line beginning "c=IN IP4" */
-    p = p1->buf;
-    while (*p != '\0') {
-        if (strstart(p, "c=IN IP4", NULL))
+    while (p < p_end && *p != '\0') {
+        if (p + sizeof("c=IN IP4") - 1 < p_end && strstart(p, "c=IN IP4", NULL))
             return AVPROBE_SCORE_MAX / 2;
-        p = strchr(p, '\n');
-        if (!p)
+
+        while(p < p_end - 1 && *p != '\n') p++;
+        if (++p >= p_end)
             break;
-        p++;
         if (*p == '\r')
             p++;
     }