# HG changeset patch
# User rtogni
# Date 1167571673 0
# Node ID 4511c04bc4a092593efac247f6d2eb917c080dbb
# Parent  99ab6c41eb1e197b95fa1e340079bdd2f220b95a
Fix potential buffer overflow in asm rules matching code

diff -r 99ab6c41eb1e -r 4511c04bc4a0 stream/realrtsp/asmrp.c
--- a/stream/realrtsp/asmrp.c	Sun Dec 31 11:09:53 2006 +0000
+++ b/stream/realrtsp/asmrp.c	Sun Dec 31 13:27:53 2006 +0000
@@ -41,6 +41,7 @@
 #include <stdio.h>
 #include <string.h>
 #include "mp_msg.h"
+#include "asmrp.h"
 
 /*
 #define LOG
@@ -646,8 +647,11 @@
 #ifdef LOG
       printf ("rule #%d is true\n", rule_num);
 #endif
-      matches[num_matches] = rule_num;
-      num_matches++;
+      if(num_matches < MAX_RULEMATCHES - 1)
+        matches[num_matches++] = rule_num;
+      else
+        mp_msg(MSGT_STREAM, MSGL_ERR,
+	  "Ignoring matched asm rule %d, too many matched rules.\n", rule_num);
     }
 
     rule_num++;
diff -r 99ab6c41eb1e -r 4511c04bc4a0 stream/realrtsp/asmrp.h
--- a/stream/realrtsp/asmrp.h	Sun Dec 31 11:09:53 2006 +0000
+++ b/stream/realrtsp/asmrp.h	Sun Dec 31 13:27:53 2006 +0000
@@ -40,6 +40,8 @@
 #ifndef HAVE_ASMRP_H
 #define HAVE_ASMRP_H
 
+#define MAX_RULEMATCHES 16
+
 int asmrp_match (const char *rules, int bandwidth, int *matches) ;
 
 #endif
diff -r 99ab6c41eb1e -r 4511c04bc4a0 stream/realrtsp/real.c
--- a/stream/realrtsp/real.c	Sun Dec 31 11:09:53 2006 +0000
+++ b/stream/realrtsp/real.c	Sun Dec 31 13:27:53 2006 +0000
@@ -275,7 +275,7 @@
     int j=0;
     int n;
     char b[64];
-    int rulematches[16];
+    int rulematches[MAX_RULEMATCHES];
 
 #ifdef LOG
     printf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth);