@@ -203,6 +203,8 @@ static int extradata2psets(AVFormatContext *s, const AVCodecParameters *par,
continue;
}
if (p != (psets + strlen(pset_string))) {
+ if (p - psets >= MAX_PSET_SIZE)
+ goto fail_in_loop;
*p = ',';
p++;
}
@@ -213,6 +215,7 @@ static int extradata2psets(AVFormatContext *s, const AVCodecParameters *par,
if (!av_base64_encode(p, MAX_PSET_SIZE - (p - psets), r, r1 - r)) {
av_log(s, AV_LOG_ERROR, "Cannot Base64-encode %"PTRDIFF_SPECIFIER" %"PTRDIFF_SPECIFIER"!\n",
MAX_PSET_SIZE - (p - psets), r1 - r);
+fail_in_loop:
av_free(psets);
av_free(tmpbuf);
Found by reviewing code related to CID1500301 String not null terminated Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/sdp.c | 3 +++ 1 file changed, 3 insertions(+)