In this case, the string that was passed couldn't contain
user-defined data and thus there was no risk for injection
bugs, but it's safer this way, if we later change the
content of the options string.
---
libavformat/rtsp.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index b2735f6..eeea9be 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1234,10 +1234,10 @@ int ff_rtsp_make_setup_request(AVFormatContext *s,
const char *host, int port,
if (reply->transports[0].source[0]) {
ff_url_join(url, sizeof(url), "rtp", NULL,
reply->transports[0].source,
- reply->transports[0].server_port_min, options);
+ reply->transports[0].server_port_min, "%s",
options);
} else {
ff_url_join(url, sizeof(url), "rtp", NULL, host,
- reply->transports[0].server_port_min, options);
+ reply->transports[0].server_port_min, "%s",
options);
}
if (!(rt->server_type == RTSP_SERVER_WMS && i > 1) &&
rtp_set_remote_url(rtsp_st->rtp_handle, url) < 0) {
--
1.7.3.1
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
