[vlc-devel] commit: realrtsp: fix read after the end of the string if the input buffer length isn' t a multiple of 4. ( Rémi Duraffort )

git version control git at videolan.org
Fri Dec 12 22:17:07 CET 2008


vlc | branch: master | Rémi Duraffort <ivoire at videolan.org> | Fri Dec 12 22:12:50 2008 +0100| [3e7b45b07d9284ac70e4eaeb35c212f98f149933] | committer: Rémi Duraffort 

realrtsp: fix read after the end of the string if the input buffer length isn't a multiple of 4.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=3e7b45b07d9284ac70e4eaeb35c212f98f149933
---

 modules/access/rtsp/real_sdpplin.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/access/rtsp/real_sdpplin.c b/modules/access/rtsp/real_sdpplin.c
index 3f40947..64e043a 100644
--- a/modules/access/rtsp/real_sdpplin.c
+++ b/modules/access/rtsp/real_sdpplin.c
@@ -54,10 +54,11 @@ static char *b64_decode(const char *in, char *out, int *size) {
 
   k=0;
   /*CONSTANTCONDITION*/
-  for (j=0; j<strlen(in); j+=4) {
+  int in_len = strlen(in);
+  for (j=0; j < in_len; j+=4) {
     char a[4], b[4];
 
-    for (i = 0; i < 4; i++) {
+    for (i = 0; i < 4 && j + i < in_len; i++) {
       int c = in[i+j];
 
       if (dtable[c] & 0x80) {
@@ -388,3 +389,4 @@ void sdpplin_free(sdpplin_t *description) {
   free( description->range );
   free( description );
 }
+




More information about the vlc-devel mailing list