[FFmpeg-cvslog] rtmpproto: Check APP_MAX_LENGTH
Michael Niedermayer
git at videolan.org
Sun Mar 3 03:35:52 CET 2013
ffmpeg | branch: release/1.0 | Michael Niedermayer <michaelni at gmx.at> | Sat Feb 23 16:58:01 2013 +0100| [d034ddcd1f6cdd5528f02db38cf3552301bef1a4] | committer: Michael Niedermayer
rtmpproto: Check APP_MAX_LENGTH
Fixes Ticket2292
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 02ac3398eb52679301028c2fd3ebad1b6261b4da)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d034ddcd1f6cdd5528f02db38cf3552301bef1a4
---
libavformat/rtmpproto.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index e23dd2d..090d8ec 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -2156,16 +2156,20 @@ static int rtmp_open(URLContext *s, const char *uri, int flags)
fname = strchr(p + 1, '/');
if (!fname || (c && c < fname)) {
fname = p + 1;
- av_strlcpy(rt->app, path + 1, p - path);
+ av_strlcpy(rt->app, path + 1, FFMIN(p - path, APP_MAX_LENGTH));
} else {
fname++;
- av_strlcpy(rt->app, path + 1, fname - path - 1);
+ av_strlcpy(rt->app, path + 1, FFMIN(fname - path - 1, APP_MAX_LENGTH));
}
}
}
if (old_app) {
// The name of application has been defined by the user, override it.
+ if (strlen(old_app) >= APP_MAX_LENGTH) {
+ ret = AVERROR(EINVAL);
+ goto fail;
+ }
av_free(rt->app);
rt->app = old_app;
}
More information about the ffmpeg-cvslog
mailing list