[vlc-commits] modules/access/live555.cpp: Fix crash parsing H264 config

Will Newton git at videolan.org
Thu Mar 28 18:20:53 CET 2019


vlc/vlc-3.0 | branch: master | Will Newton <will.newton at gmail.com> | Tue Mar 19 22:59:34 2019 +0000| [6754041b56aafa12c3645e2cc46394728aa8f8e4] | committer: Rémi Denis-Courmont

modules/access/live555.cpp: Fix crash parsing H264 config

The buffer allocated for parsing the H264 config string is not
sufficient, causing a possible heap overflow. Size the buffer
more accurately to prevent this happening.

Signed-off-by: Rémi Denis-Courmont <remi at remlab.net>
(cherry picked from commit 6dee6325ec2cb5d01c9a5247d443109b6aaaeb8c)

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=6754041b56aafa12c3645e2cc46394728aa8f8e4
---

 modules/access/live555.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/access/live555.cpp b/modules/access/live555.cpp
index d59a633d3c..26db2d6f24 100644
--- a/modules/access/live555.cpp
+++ b/modules/access/live555.cpp
@@ -2353,7 +2353,7 @@ static unsigned char* parseH264ConfigStr( char const* configStr,
         }
     }
 
-    size_t configMax = 5*strlen(dup);
+    size_t configMax = 4*i_records+strlen(configStr);
     unsigned char *cfg = new unsigned char[configMax];
     psz = dup;
     for( size_t i = 0; i < i_records; ++i )



More information about the vlc-commits mailing list