[vlc-commits] modules/access/live555.cpp: Fix crash parsing H264 config
Will Newton
git at videolan.org
Thu Mar 28 18:20:53 CET 2019
vlc/vlc-3.0 | branch: master | Will Newton <will.newton at gmail.com> | Tue Mar 19 22:59:34 2019 +0000| [6754041b56aafa12c3645e2cc46394728aa8f8e4] | committer: Rémi Denis-Courmont
modules/access/live555.cpp: Fix crash parsing H264 config
The buffer allocated for parsing the H264 config string is not
sufficient, causing a possible heap overflow. Size the buffer
more accurately to prevent this happening.
Signed-off-by: Rémi Denis-Courmont <remi at remlab.net>
(cherry picked from commit 6dee6325ec2cb5d01c9a5247d443109b6aaaeb8c)
> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=6754041b56aafa12c3645e2cc46394728aa8f8e4
---
modules/access/live555.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/access/live555.cpp b/modules/access/live555.cpp
index d59a633d3c..26db2d6f24 100644
--- a/modules/access/live555.cpp
+++ b/modules/access/live555.cpp
@@ -2353,7 +2353,7 @@ static unsigned char* parseH264ConfigStr( char const* configStr,
}
}
- size_t configMax = 5*strlen(dup);
+ size_t configMax = 4*i_records+strlen(configStr);
unsigned char *cfg = new unsigned char[configMax];
psz = dup;
for( size_t i = 0; i < i_records; ++i )
More information about the vlc-commits
mailing list