[FFmpeg-cvslog] avformat/sdp: Check before appending ","
Michael Niedermayer
git at videolan.org
Sun Jan 5 01:27:50 EET 2025
ffmpeg | branch: release/2.8 | Michael Niedermayer <michael at niedermayer.cc> | Wed May 8 04:07:40 2024 +0200| [303fea7956db56b6c7a5b979077abb4a32dcb3dd] | committer: Michael Niedermayer
avformat/sdp: Check before appending ","
Found by reviewing code related to CID1500301 String not null terminated
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5b82852519e92a2b94de0f22da1a81df5b3e0412)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=303fea7956db56b6c7a5b979077abb4a32dcb3dd
---
libavformat/sdp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/sdp.c b/libavformat/sdp.c
index 45974b394f..e0d9016f35 100644
--- a/libavformat/sdp.c
+++ b/libavformat/sdp.c
@@ -195,6 +195,8 @@ static char *extradata2psets(AVCodecContext *c)
continue;
}
if (p != (psets + strlen(pset_string))) {
+ if (p - psets >= MAX_PSET_SIZE)
+ goto fail_in_loop;
*p = ',';
p++;
}
@@ -204,6 +206,7 @@ static char *extradata2psets(AVCodecContext *c)
}
if (!av_base64_encode(p, MAX_PSET_SIZE - (p - psets), r, r1 - r)) {
av_log(c, AV_LOG_ERROR, "Cannot Base64-encode %"PTRDIFF_SPECIFIER" %"PTRDIFF_SPECIFIER"!\n", MAX_PSET_SIZE - (p - psets), r1 - r);
+fail_in_loop:
av_free(psets);
av_free(tmpbuf);
More information about the ffmpeg-cvslog
mailing list