Hi,
I use mplayer to visit rtsp://localhost:8854/mp3test, If RTSPServer recv the
request , RTSPServer will call the function "handleRequestBytes",In this
function we see the local unsigned variable "contentLength", and this local
variable is not init , thus the variable's init value is not sure is
0xffffffff,0xcccccccc,or other values.
then the first rtsp request is "rtsp://localhost:8854" and not contain
"mp3test", this time the next function call "parseRTSPRequestString" will
failed, and the var "contentLength" is not a sure value.
when continue to this setup "unsigned requestSize =
(fLastCRLF+4-fRequestBuffer) + contentLength;" in function "handleRequestByte"
, if "contentLength" is 0xffffffff then "requestSize" is the request buffer
size - 1, if "contentLength" is 0xcccccccc the "requestSize" is a big num,or
other posible value.
next setup " memmove(fRequestBuffer, &fRequestBuffer[requestSize],
numBytesRemaining);" if requestSize is a big num , this call will crashed.
_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel
