[vlc-devel] [PATCH] access/http: Fix off-by-one in ICY parser

Marvin Scholz epirat07 at gmail.com
Mon Dec 11 12:52:20 CET 2017


This fixes an off-by-one issue in the ICY parser that would happen in the
case the ICY metadata is unquoted. (StreamTitle=test;).
With empty metadata without ; (StreamTitle=) this would lead to a buffer
over-read.

Credit to Filip Roséen who discovered this issue.
---
 modules/access/http.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/access/http.c b/modules/access/http.c
index 83a6455d65..8d050bdec6 100644
--- a/modules/access/http.c
+++ b/modules/access/http.c
@@ -525,18 +525,19 @@ static int ReadICYMeta( stream_t *p_access )
                 psz = strchr( &p[1], ';' );
 
             if( psz ) *psz = '\0';
+            p++;
         }
         else
         {
-            char *psz = strchr( &p[1], ';' );
+            char *psz = strchr( p, ';' );
             if( psz ) *psz = '\0';
         }
 
         if( !p_sys->psz_icy_title ||
-            strcmp( p_sys->psz_icy_title, &p[1] ) )
+            strcmp( p_sys->psz_icy_title, p ) )
         {
             free( p_sys->psz_icy_title );
-            char *psz_tmp = strdup( &p[1] );
+            char *psz_tmp = strdup( p );
             p_sys->psz_icy_title = EnsureUTF8( psz_tmp );
             if( !p_sys->psz_icy_title )
                 free( psz_tmp );
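
Review bot: In the quoted branch, `p++` is placed after the `strchr( &p[1], ... )` calls, so within that branch p first means "the opening quote" and only afterwards "the first title character", whereas the else branch now treats p as the first title character from the start. A one-line comment at the `p++`, or a separate title pointer assigned in each branch, would make that invariant explicit and make it harder for a later edit to reintroduce the off-by-one; a regression case for the two inputs named in the commit message (`StreamTitle=test;` and `StreamTitle=`) would pin it down. Separately, in the unchanged context below, the result of `strdup( p )` is handed to `EnsureUTF8( psz_tmp )` without a NULL check, so it is worth confirming that EnsureUTF8 tolerates NULL or adding the check while this code is being touched.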
-- 
2.14.3 (Apple Git-98)
