[FFmpeg-devel] [PATCH 3/7] avformat/sdp: Fix potential write beyond end of buffer

Thu Jul 9 13:35:38 EEST 2020

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
 libavformat/sdp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/sdp.c b/libavformat/sdp.c
index 34e9839b67..2ce1a62262 100644
--- a/libavformat/sdp.c
+++ b/libavformat/sdp.c
@@ -212,7 +212,7 @@ static char *extradata2psets(AVFormatContext *s, AVCodecParameters *par)
         p += strlen(p);
         r = r1;
     }
-    if (sps && sps_end - sps >= 4) {
+    if (sps && sps_end - sps >= 4 && p - psets <= MAX_PSET_SIZE - strlen(profile_string) - 7) {
         memcpy(p, profile_string, strlen(profile_string));
         p += strlen(p);
         ff_data_to_hex(p, sps + 1, 3, 0);
-- 
2.20.1

