Mercurial > libavformat.hg

changeset 706:fc254f396f15 libavformat

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
buffer overflow in sdp_probe() fix by (Gildas Bazin )gbazin altern org)
author michael
date Wed, 16 Mar 2005 19:06:34 +0000
parents 594a9b0cacf5
children cc612862d461
files rtsp.c
diffstat 1 files changed, 6 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/rtsp.c	Wed Mar 16 13:26:52 2005 +0000
+++ b/rtsp.c	Wed Mar 16 19:06:34 2005 +0000
@@ -1174,17 +1174,16 @@
 
 static int sdp_probe(AVProbeData *p1)
 {
-    const char *p;
+    const char *p = p1->buf, *p_end = p1->buf + p1->buf_size;
 
     /* we look for a line beginning "c=IN IP4" */
-    p = p1->buf;
-    while (*p != '\0') {
-        if (strstart(p, "c=IN IP4", NULL))
+    while (p < p_end && *p != '\0') {
+        if (p + sizeof("c=IN IP4") - 1 < p_end && strstart(p, "c=IN IP4", NULL))
             return AVPROBE_SCORE_MAX / 2;
-        p = strchr(p, '\n');
-        if (!p)
+
+        while(p < p_end - 1 && *p != '\n') p++;
+        if (++p >= p_end)
             break;
-        p++;
         if (*p == '\r')
             p++;
     }