> I have double checked, both issues still seem to affect 2019.05.03. Thanks for the report.
> In RTSPClientConnection::handleRequestBytes, if a pointer wraparound > as checked at line 793 happens, parseSucceeded is set to false but > contentLength is still used to perform memmove at line 890. > > This might lead to invalid memory access. Yes, this is a problem. I have just installed a new version (2019.05.12) of the code that should prevent this from happening. > This is a memory leak. Memory allocated in parseAuthorizationHeader for > username, realm, etc. by strDup is never freed. Actually, this is not a memory leak. The parameters to “parseAuthorizationHeader()” are reference parameters (to pointers). The allocated memory is passed back to the calling function, which ends up deleting them all. So, there’s no bug here. Ross Finlayson Live Networks, Inc. http://www.live555.com/ _______________________________________________ live-devel mailing list live-devel@lists.live555.com http://lists.live555.com/mailman/listinfo/live-devel
