vlc | branch: master | Filip Roséen <[email protected]> | Thu Feb 25 10:12:29 2016 +0100| [859d6f63e5d65ee7792cb22371e76d3fbd42ea91] | committer: Jean-Baptiste Kempf
realrtsp: fixed crash on unsuccessful DESCRIBE-response that includes `Alert` If the remote server yields an error on the `DESCRIBE` request, while also including an error message the module would crash due to an invalid free. % netcat -l -p 8080 <<EOF > RTSP/1.0 200 OK > CSeq: 1 > Server: Real > RealChallenge1: DEADBEEF > > RTSP/1.0 199 OK > CSeq: 2 > Alert: I like turtles > EOF The reason being that `alert` will point to the middle of allocated memory. Given the sourroundings the original author probably forgot to `strdup` the message - even though that is very unnecessary. Signed-off-by: Jean-Baptiste Kempf <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=859d6f63e5d65ee7792cb22371e76d3fbd42ea91 --- modules/access/rtsp/real.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/access/rtsp/real.c b/modules/access/rtsp/real.c index 0b7d5cc..53ad3bc 100644 --- a/modules/access/rtsp/real.c +++ b/modules/access/rtsp/real.c @@ -649,13 +649,11 @@ rmff_header_t *real_setup_and_get_header(rtsp_client_t *rtsp_session, int bandw status=rtsp_request_describe(rtsp_session,NULL); if ( status<200 || status>299 ) { msg_Dbg (p_access, "server returned status code %d", status); - char *alert=rtsp_search_answers(rtsp_session,"Alert"); - if (alert) { - msg_Dbg(p_access, "server replied with a message: %s", alert); + if ((p_data = rtsp_search_answers(rtsp_session, "Alert"))) { + msg_Dbg(p_access, "server replied with a message: '%s'", p_data); } rtsp_send_ok( rtsp_session ); free( challenge1 ); - free( alert ); free( buf ); return NULL; } _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
