[vlc-devel] [PATCH 07/13] modules/access/rtsp: fixed memcpy potentially reading outside buffer
Filip Roséen
filip at atch.se
Thu Feb 25 10:12:33 CET 2016
If `psz_buffer` points to a string equivalent to just "RTSP/1.0", we
would read 2 bytes outside the buffer when (the removed) `memcpy` was
invoked.
---
modules/access/rtsp/rtsp.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/modules/access/rtsp/rtsp.c b/modules/access/rtsp/rtsp.c
index f044a9d..23b6f99 100644
--- a/modules/access/rtsp/rtsp.c
+++ b/modules/access/rtsp/rtsp.c
@@ -129,13 +129,12 @@ static int rtsp_put( rtsp_client_t *rtsp, const char *psz_string )
static int rtsp_get_status_code( rtsp_client_t *rtsp, const char *psz_string )
{
VLC_UNUSED(rtsp);
- char psz_buffer[4];
+ char psz_buffer[4] = {0,0,0,0};
int i_code = 0;
if( !strncmp( psz_string, "RTSP/1.0", sizeof("RTSP/1.0") - 1 ) )
{
- memcpy( psz_buffer, psz_string + sizeof("RTSP/1.0"), 3 );
- psz_buffer[3] = 0;
+ strncpy(psz_buffer, psz_string + sizeof("RTSP/1.0"), 3);
i_code = atoi( psz_buffer );
}
else if( !strncmp( psz_string, "SET_PARAMETER", sizeof("SET_PARAMETER") - 1 ) )
--
2.7.1
More information about the vlc-devel
mailing list