[vlc-devel] commit: realrtsp: don't write outside a static buffer. ( Rémi Duraffort )
git version control
git at videolan.org
Wed Dec 17 20:52:24 CET 2008
vlc | branch: 0.9-bugfix | Rémi Duraffort <ivoire at videolan.org> | Fri Dec 12 22:48:09 2008 +0100| [88c450158727883a7501d4e646e54f5379c9aee0] | committer: Jean-Baptiste Kempf
realrtsp: don't write outside a static buffer.
(cherry picked from commit a01be865ac16f249d9b502936c43c2a7911bca1e)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=88c450158727883a7501d4e646e54f5379c9aee0
---
modules/access/rtsp/real.c | 8 +++-----
modules/access/rtsp/real.h | 2 +-
modules/access/rtsp/real_asmrp.c | 10 +++++-----
3 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/modules/access/rtsp/real.c b/modules/access/rtsp/real.c
index 66a36ce..1c1a590 100644
--- a/modules/access/rtsp/real.c
+++ b/modules/access/rtsp/real.c
@@ -442,10 +442,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
buf= (char *)malloc(sizeof(char)*2048);
if( !buf ) goto error;
- header = (rmff_header_t*)malloc(sizeof(rmff_header_t));
+ header = calloc( 1, sizeof(rmff_header_t) );
if( !header ) goto error;
- memset(header, 0, sizeof(rmff_header_t));
header->fileheader=rmff_new_fileheader(4+desc->stream_count);
header->cont=rmff_new_cont(
desc->title,
@@ -456,10 +455,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
header->data=rmff_new_dataheader(0,0);
if( !header->data ) goto error;
- header->streams = (rmff_mdpr_t**) malloc(sizeof(rmff_mdpr_t*)*(desc->stream_count+1));
+ header->streams = calloc( desc->stream_count+1, sizeof(rmff_mdpr_t*) );
if( !header->streams ) goto error;
- memset(header->streams, 0, sizeof(rmff_mdpr_t*)*(desc->stream_count+1));
lprintf("number of streams: %u\n", desc->stream_count);
for (i=0; i<desc->stream_count; i++) {
@@ -471,7 +469,7 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
lprintf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth);
- n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches);
+ n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches, sizeof(rulematches)/sizeof(rulematches[0]));
for (j=0; j<n; j++) {
lprintf("asmrp rule match: %u for stream %u\n", rulematches[j], desc->stream[i]->stream_id);
sprintf(b,"stream=%u;rule=%u,", desc->stream[i]->stream_id, rulematches[j]);
diff --git a/modules/access/rtsp/real.h b/modules/access/rtsp/real.h
index bb2479c..d4513d1 100644
--- a/modules/access/rtsp/real.h
+++ b/modules/access/rtsp/real.h
@@ -48,6 +48,6 @@ int real_get_rdt_chunk_header(rtsp_client_t *, rmff_pheader_t *);
int real_get_rdt_chunk(rtsp_client_t *, rmff_pheader_t *, unsigned char **);
rmff_header_t *real_setup_and_get_header(rtsp_client_t *, int bandwidth);
-int asmrp_match(const char *rules, int bandwidth, int *matches) ;
+int asmrp_match(const char *rules, int bandwidth, int *matches, int matchsize) ;
#endif
diff --git a/modules/access/rtsp/real_asmrp.c b/modules/access/rtsp/real_asmrp.c
index c37363f..057e230 100644
--- a/modules/access/rtsp/real_asmrp.c
+++ b/modules/access/rtsp/real_asmrp.c
@@ -94,7 +94,7 @@ static asmrp_t *asmrp_new (void ) {
p->sym_tab_num = 0;
p->sym = ASMRP_SYM_NONE;
- p->buf = 0;
+ p->buf = NULL;
return p;
}
@@ -595,7 +595,7 @@ static int asmrp_rule (asmrp_t *p) {
return ret;
}
-static int asmrp_eval (asmrp_t *p, int *matches) {
+static int asmrp_eval (asmrp_t *p, int *matches, int matchsize) {
int rule_num, num_matches;
@@ -604,7 +604,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) {
asmrp_get_sym (p);
rule_num = 0; num_matches = 0;
- while (p->sym != ASMRP_SYM_EOF) {
+ while (p->sym != ASMRP_SYM_EOF && num_matches < matchsize - 1) {
if (asmrp_rule (p)) {
lprintf ("rule #%d is true\n", rule_num);
@@ -620,7 +620,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) {
return num_matches;
}
-int asmrp_match (const char *rules, int bandwidth, int *matches) {
+int asmrp_match (const char *rules, int bandwidth, int *matches, int matchsize) {
asmrp_t *p;
int num_matches;
@@ -632,7 +632,7 @@ int asmrp_match (const char *rules, int bandwidth, int *matches) {
asmrp_set_id (p, "Bandwidth", bandwidth);
asmrp_set_id (p, "OldPNMPlayer", 0);
- num_matches = asmrp_eval (p, matches);
+ num_matches = asmrp_eval (p, matches, matchsize);
asmrp_dispose (p);
More information about the vlc-devel
mailing list