[vlc-devel] commit: realrtsp: don't write outside a static buffer. ( Rémi Duraffort )

git version control git at videolan.org
Wed Dec 17 20:52:24 CET 2008 

vlc | branch: 0.9-bugfix | Rémi Duraffort <ivoire at videolan.org> | Fri Dec 12 22:48:09 2008 +0100| [88c450158727883a7501d4e646e54f5379c9aee0] | committer: Jean-Baptiste Kempf 

realrtsp: don't write outside a static buffer.
(cherry picked from commit a01be865ac16f249d9b502936c43c2a7911bca1e)

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=88c450158727883a7501d4e646e54f5379c9aee0
---

 modules/access/rtsp/real.c       |    8 +++-----
 modules/access/rtsp/real.h       |    2 +-
 modules/access/rtsp/real_asmrp.c |   10 +++++-----
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/modules/access/rtsp/real.c b/modules/access/rtsp/real.c
index 66a36ce..1c1a590 100644
--- a/modules/access/rtsp/real.c
+++ b/modules/access/rtsp/real.c
@@ -442,10 +442,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
   buf= (char *)malloc(sizeof(char)*2048);
   if( !buf ) goto error;
 
-  header = (rmff_header_t*)malloc(sizeof(rmff_header_t));
+  header = calloc( 1, sizeof(rmff_header_t) );
   if( !header ) goto error;
 
-  memset(header, 0, sizeof(rmff_header_t));
   header->fileheader=rmff_new_fileheader(4+desc->stream_count);
   header->cont=rmff_new_cont(
       desc->title,
@@ -456,10 +455,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
   header->data=rmff_new_dataheader(0,0);
   if( !header->data ) goto error;
 
-  header->streams = (rmff_mdpr_t**) malloc(sizeof(rmff_mdpr_t*)*(desc->stream_count+1));
+  header->streams = calloc( desc->stream_count+1, sizeof(rmff_mdpr_t*) );
   if( !header->streams ) goto error;
 
-  memset(header->streams, 0, sizeof(rmff_mdpr_t*)*(desc->stream_count+1));
   lprintf("number of streams: %u\n", desc->stream_count);
 
   for (i=0; i<desc->stream_count; i++) {
@@ -471,7 +469,7 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
 
     lprintf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth);
 
-    n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches);
+    n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches, sizeof(rulematches)/sizeof(rulematches[0]));
     for (j=0; j<n; j++) {
       lprintf("asmrp rule match: %u for stream %u\n", rulematches[j], desc->stream[i]->stream_id);
       sprintf(b,"stream=%u;rule=%u,", desc->stream[i]->stream_id, rulematches[j]);
diff --git a/modules/access/rtsp/real.h b/modules/access/rtsp/real.h
index bb2479c..d4513d1 100644
--- a/modules/access/rtsp/real.h
+++ b/modules/access/rtsp/real.h
@@ -48,6 +48,6 @@ int real_get_rdt_chunk_header(rtsp_client_t *, rmff_pheader_t *);
 int real_get_rdt_chunk(rtsp_client_t *, rmff_pheader_t *, unsigned char **);
 rmff_header_t *real_setup_and_get_header(rtsp_client_t *, int bandwidth);
 
-int asmrp_match(const char *rules, int bandwidth, int *matches) ;
+int asmrp_match(const char *rules, int bandwidth, int *matches, int matchsize) ;
 
 #endif
diff --git a/modules/access/rtsp/real_asmrp.c b/modules/access/rtsp/real_asmrp.c
index c37363f..057e230 100644
--- a/modules/access/rtsp/real_asmrp.c
+++ b/modules/access/rtsp/real_asmrp.c
@@ -94,7 +94,7 @@ static asmrp_t *asmrp_new (void ) {
 
   p->sym_tab_num = 0;
   p->sym         = ASMRP_SYM_NONE;
-  p->buf         = 0;
+  p->buf         = NULL;
 
   return p;
 }
@@ -595,7 +595,7 @@ static int asmrp_rule (asmrp_t *p) {
   return ret;
 }
 
-static int asmrp_eval (asmrp_t *p, int *matches) {
+static int asmrp_eval (asmrp_t *p, int *matches, int matchsize) {
 
   int rule_num, num_matches;
 
@@ -604,7 +604,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) {
   asmrp_get_sym (p);
 
   rule_num = 0; num_matches = 0;
-  while (p->sym != ASMRP_SYM_EOF) {
+  while (p->sym != ASMRP_SYM_EOF && num_matches < matchsize - 1) {
 
     if (asmrp_rule (p)) {
       lprintf ("rule #%d is true\n", rule_num);
@@ -620,7 +620,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) {
   return num_matches;
 }
 
-int asmrp_match (const char *rules, int bandwidth, int *matches) {
+int asmrp_match (const char *rules, int bandwidth, int *matches, int matchsize) {
 
   asmrp_t *p;
   int      num_matches;
@@ -632,7 +632,7 @@ int asmrp_match (const char *rules, int bandwidth, int *matches) {
   asmrp_set_id (p, "Bandwidth", bandwidth);
   asmrp_set_id (p, "OldPNMPlayer", 0);
 
-  num_matches = asmrp_eval (p, matches);
+  num_matches = asmrp_eval (p, matches, matchsize);
 
   asmrp_dispose (p);

More information about the vlc-devel mailing list