[vlc-commits] access/http: Fix off-by-one in ICY parser

Marvin Scholz git at videolan.org
Wed Dec 13 11:15:33 CET 2017


vlc/vlc-3.0 | branch: master | Marvin Scholz <epirat07 at gmail.com> | Mon Dec 11 12:52:20 2017 +0100| [bb6e2fceb4211274a8fc1cff67bb0829f1b717bb] | committer: Hugo Beauzée-Luyssen

access/http: Fix off-by-one in ICY parser

This fixes a off-by-one issue in the ICY parser that would happen in the
case the ICY metadata is unquoted. (StreamTitle=test;).
With empty metadata without ; (StreamTitle=) this would lead to a buffer
over-read.

Credit to Filip Roséen who discovered this issue.

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
(cherry picked from commit b180121763aeb686fc331d6665c622ce02738bc4)
Signed-off-by: Hugo Beauzée-Luyssen <hugo at beauzee.fr>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=bb6e2fceb4211274a8fc1cff67bb0829f1b717bb
---

 modules/access/http.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/access/http.c b/modules/access/http.c
index 83a6455d65..8d050bdec6 100644
--- a/modules/access/http.c
+++ b/modules/access/http.c
@@ -525,18 +525,19 @@ static int ReadICYMeta( stream_t *p_access )
                 psz = strchr( &p[1], ';' );
 
             if( psz ) *psz = '\0';
+            p++;
         }
         else
         {
-            char *psz = strchr( &p[1], ';' );
+            char *psz = strchr( p, ';' );
             if( psz ) *psz = '\0';
         }
 
         if( !p_sys->psz_icy_title ||
-            strcmp( p_sys->psz_icy_title, &p[1] ) )
+            strcmp( p_sys->psz_icy_title, p ) )
         {
             free( p_sys->psz_icy_title );
-            char *psz_tmp = strdup( &p[1] );
+            char *psz_tmp = strdup( p );
             p_sys->psz_icy_title = EnsureUTF8( psz_tmp );
             if( !p_sys->psz_icy_title )
                 free( psz_tmp );



More information about the vlc-commits mailing list