[FFmpeg-cvslog] r22469 - trunk/libavformat/rtpenc_h263.c

mstorsjo subversion
Thu Mar 11 17:26:14 CET 2010


Author: mstorsjo
Date: Thu Mar 11 17:26:14 2010
New Revision: 22469

Log:
Fix a crash in the H.263 RTP packetizer

If size == 1 and buf[0] == 0 and buf[1] == 0 (the first byte after the
buffer), it would set size = -1 and crash in the later memcpy.

Modified:
   trunk/libavformat/rtpenc_h263.c

Modified: trunk/libavformat/rtpenc_h263.c
==============================================================================
--- trunk/libavformat/rtpenc_h263.c	Thu Mar 11 13:29:02 2010	(r22468)
+++ trunk/libavformat/rtpenc_h263.c	Thu Mar 11 17:26:14 2010	(r22469)
@@ -50,7 +50,7 @@ void ff_rtp_send_h263(AVFormatContext *s
 
     while (size > 0) {
         q = s->buf;
-        if ((buf1[0] == 0) && (buf1[1] == 0)) {
+        if (size >= 2 && (buf1[0] == 0) && (buf1[1] == 0)) {
             *q++ = 0x04;
             buf1 += 2;
             size -= 2;
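Review bot: the `size >= 2` test added to the condition has to stay the first operand, because the short-circuit is what keeps `buf1[1]` from being read past the end of the buffer when only one byte remains. A one-line comment saying so would stop a later cleanup from reordering or dropping it. With size == 1 the loop now takes the branch that is not shown in this hunk, so please confirm that path handles a single remaining byte and still drives size to 0 so that `while (size > 0)` terminates.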


