vlc | branch: master | Filip Roséen <[email protected]> | Thu Feb 25 10:12:33 2016 +0100| [64f85e36cb01d98cdaac98d6fe33b0a58531c61b] | committer: Jean-Baptiste Kempf
realrtsp: fixed memcpy potentially reading outside buffer If `psz_buffer` points to a string equivalent to just "RTSP/1.0", we would read 2 bytes outside the buffer when (the removed) `memcpy` was invoked. Signed-off-by: Jean-Baptiste Kempf <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=64f85e36cb01d98cdaac98d6fe33b0a58531c61b --- modules/access/rtsp/rtsp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/access/rtsp/rtsp.c b/modules/access/rtsp/rtsp.c index f044a9d..23b6f99 100644 --- a/modules/access/rtsp/rtsp.c +++ b/modules/access/rtsp/rtsp.c @@ -129,13 +129,12 @@ static int rtsp_put( rtsp_client_t *rtsp, const char *psz_string ) static int rtsp_get_status_code( rtsp_client_t *rtsp, const char *psz_string ) { VLC_UNUSED(rtsp); - char psz_buffer[4]; + char psz_buffer[4] = {0,0,0,0}; int i_code = 0; if( !strncmp( psz_string, "RTSP/1.0", sizeof("RTSP/1.0") - 1 ) ) { - memcpy( psz_buffer, psz_string + sizeof("RTSP/1.0"), 3 ); - psz_buffer[3] = 0; + strncpy(psz_buffer, psz_string + sizeof("RTSP/1.0"), 3); i_code = atoi( psz_buffer ); } else if( !strncmp( psz_string, "SET_PARAMETER", sizeof("SET_PARAMETER") - 1 ) ) _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
