[vlc-commits] stream_filter: smooth: fix write overflow

Mon Nov 10 13:03:57 CET 2014

vlc/vlc-2.2 | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Sun Nov  9 19:59:05 2014 +0100| [b64149c03b9238fc8204f02f271a63cf58bf2d77] | committer: Jean-Baptiste Kempf

stream_filter: smooth: fix write overflow

(cherry picked from commit 04b5c18015781108cd39d5617751afce5e5dcfdf)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=b64149c03b9238fc8204f02f271a63cf58bf2d77
---

 modules/stream_filter/smooth/downloader.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/stream_filter/smooth/downloader.c b/modules/stream_filter/smooth/downloader.c
index 4e43b5b..0c1ae08 100644
--- a/modules/stream_filter/smooth/downloader.c
+++ b/modules/stream_filter/smooth/downloader.c
@@ -344,8 +344,9 @@ static int build_smoo_box( stream_t *s, uint8_t *smoo_box )
             if( !qlvl->CodecPrivateData )
                 continue;
             stra_box[98] = stra_box[99] = stra_box[100] = 0; /* reserved */
-            assert( strlen( qlvl->CodecPrivateData ) < 512 );
             stra_box[101] = strlen( qlvl->CodecPrivateData ) / 2;
+            if ( stra_box[101] > STRA_SIZE - 102 )
+                stra_box[101] = STRA_SIZE - 102;
             uint8_t *binary_cpd = decode_string_hex_to_binary( qlvl->CodecPrivateData );
             memcpy( stra_box + 102, binary_cpd, stra_box[101] );
             free( binary_cpd );

