[vlc-devel] [PATCH] access/http: Fix off-by-one in ICY parser
Marvin Scholz
epirat07 at gmail.com
Mon Dec 11 12:52:20 CET 2017
This fixes a off-by-one issue in the ICY parser that would happen in the
case the ICY metadata is unquoted. (StreamTitle=test;).
With empty metadata without ; (StreamTitle=) this would lead to a buffer
over-read.
Credit to Filip Roséen who discovered this issue.
---
modules/access/http.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/modules/access/http.c b/modules/access/http.c
index 83a6455d65..8d050bdec6 100644
--- a/modules/access/http.c
+++ b/modules/access/http.c
@@ -525,18 +525,19 @@ static int ReadICYMeta( stream_t *p_access )
psz = strchr( &p[1], ';' );
if( psz ) *psz = '\0';
+ p++;
}
else
{
- char *psz = strchr( &p[1], ';' );
+ char *psz = strchr( p, ';' );
if( psz ) *psz = '\0';
}
if( !p_sys->psz_icy_title ||
- strcmp( p_sys->psz_icy_title, &p[1] ) )
+ strcmp( p_sys->psz_icy_title, p ) )
{
free( p_sys->psz_icy_title );
- char *psz_tmp = strdup( &p[1] );
+ char *psz_tmp = strdup( p );
p_sys->psz_icy_title = EnsureUTF8( psz_tmp );
if( !p_sys->psz_icy_title )
free( psz_tmp );
--
2.14.3 (Apple Git-98)
More information about the vlc-devel
mailing list