[FFmpeg-devel] [PATCH] Fix to crash in ff_rtsp_read_reply

Michael Lynch Wed, 15 Oct 2014 10:14:12 -0700

This patch fixes a crash in ff_rtsp_read_reply that can occur when the
Content Length field of the RTSP reply message is very high (e.g. near
INT_MAX) and causes av_malloc to return NULL.


Thanks,
Michael

commit 1e085fa751168813912f13f89b754e5711b13daa
Author: Michael Lynch <mtly...@google.com>
Date:   Tue Oct 14 14:19:40 2014 -0400

    Fixing crash in ff_rtsp_read_reply caused by failure to check the
result of memory allocation.

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 523a7c0..77f03ba 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1150,6 +1150,8 @@ start:
     if (content_length > 0) {
         /* leave some room for a trailing '\0' (useful for simple parsing)
*/
         content = av_malloc(content_length + 1);
+        if (!content)
+            return AVERROR(ENOMEM);
         ffurl_read_complete(rt->rtsp_hd, content, content_length);
         content[content_length] = '\0';
     }
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] Fix to crash in ff_rtsp_read_reply

Reply via email to