dilim/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2026-06-24 08:48:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

avformat/rtspdec: bound Content-Length in the ANNOUNCE handler to SDP_MAX_SIZE

Browse Source 
Reported by Franciszek Kalinowski (isec.pl / striga.ai) and Bartosz Smigielski.
This commit is contained in:
Michael Niedermayer
2026-05-19 09:40:41 +02:00
committed by michaelni
parent 0cf9169c85
commit 6049b4d7bc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/rtspdec.c
View File

@@ -191,7 +191,7 @@ static int rtsp_read_announce(AVFormatContext *s)
rtsp_send_reply(s, RTSP_STATUS_SERVICE, NULL, request.seq);
return AVERROR_OPTION_NOT_FOUND;
}
if (request.content_length > 0) {
if (request.content_length > 0 && request.content_length <= SDP_MAX_SIZE) {
sdp = av_malloc(request.content_length + 1);
if (!sdp)
return AVERROR(ENOMEM);