Found by reviewing code related to CID1500301 String not null terminated
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavformat/sdp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/sdp.c b/libavformat/sdp.c
index 7e11a759185..ccfaa8aff58 100644
--- a/libavformat/sdp.c
+++ b/libavformat/sdp.c
@@ -203,6 +203,8 @@ static int extradata2psets(AVFormatContext *s, const
AVCodecParameters *par,
continue;
}
if (p != (psets + strlen(pset_string))) {
+ if (p - psets >= MAX_PSET_SIZE)
+ goto fail_in_loop;
*p = ',';
p++;
}
@@ -213,6 +215,7 @@ static int extradata2psets(AVFormatContext *s, const
AVCodecParameters *par,
if (!av_base64_encode(p, MAX_PSET_SIZE - (p - psets), r, r1 - r)) {
av_log(s, AV_LOG_ERROR, "Cannot Base64-encode %"PTRDIFF_SPECIFIER"
%"PTRDIFF_SPECIFIER"!\n",
MAX_PSET_SIZE - (p - psets), r1 - r);
+fail_in_loop:
av_free(psets);
av_free(tmpbuf);
--
2.43.2
_______________________________________________
ffmpeg-devel mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".
