[vlc-devel] commit: realrtsp: fix read after the end of the string if the input buffer length isn't a multiple of 4. (Rémi Duraffort)
git version control
git at videolan.org
Wed Dec 17 20:52:24 CET 2008
vlc | branch: 0.9-bugfix | Rémi Duraffort <ivoire at videolan.org> | Fri Dec 12 22:12:50 2008 +0100| [663ceb64128da786785f0ca0e6d3459f35a87a3d] | committer: Jean-Baptiste Kempf
realrtsp: fix read after the end of the string if the input buffer length isn't a multiple of 4.
(cherry picked from commit 3e7b45b07d9284ac70e4eaeb35c212f98f149933)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=663ceb64128da786785f0ca0e6d3459f35a87a3d
---
modules/access/rtsp/real_sdpplin.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/modules/access/rtsp/real_sdpplin.c b/modules/access/rtsp/real_sdpplin.c
index 458803e..e858371 100644
--- a/modules/access/rtsp/real_sdpplin.c
+++ b/modules/access/rtsp/real_sdpplin.c
@@ -54,10 +54,11 @@ static char *b64_decode(const char *in, char *out, int *size) {
k=0;
/*CONSTANTCONDITION*/
- for (j=0; j<strlen(in); j+=4) {
+ int in_len = strlen(in);
+ for (j=0; j < in_len; j+=4) {
char a[4], b[4];
- for (i = 0; i < 4; i++) {
+ for (i = 0; i < 4 && j + i < in_len; i++) {
int c = in[i+j];
if (dtable[c] & 0x80) {
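Review bot: In the inner loop, `i < 4 && j + i < in_len` now exits early on a short final group, but `a[4]` and `b[4]` are declared without initializers, so the entries from index `i` upward are left indeterminate for whatever follows the loop. Zero-initialize both arrays at declaration, or reject or pad a trailing group shorter than four characters before decoding it. Separately, `int c = in[i+j];` takes its value from a plain `char`, so a byte at or above 0x80 becomes a negative index into `dtable` where `char` is signed; reading it through `unsigned char` would close that. `strlen()` returns `size_t`, so `in_len` is better declared as `size_t` than `int`.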
@@ -388,3 +389,4 @@ void sdpplin_free(sdpplin_t *description) {
free( description->range );
free( description );
}
+
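Review bot: Unrelated whitespace: the blank line added after the closing brace of `sdpplin_free()` has nothing to do with the b64_decode fix and should be dropped, so the cherry-pick to 0.9-bugfix carries only the bounds check.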