Commit a01be865 authored by Rémi Duraffort's avatar Rémi Duraffort

realrtsp: don't write outside a static buffer.

parent 3e7b45b0
......@@ -442,10 +442,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
buf= (char *)malloc(2048);
if( !buf ) goto error;
header = (rmff_header_t*)malloc(sizeof(rmff_header_t));
header = calloc( 1, sizeof(rmff_header_t) );
if( !header ) goto error;
memset(header, 0, sizeof(rmff_header_t));
header->fileheader=rmff_new_fileheader(4+desc->stream_count);
header->cont=rmff_new_cont(
desc->title,
......@@ -456,10 +455,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
header->data=rmff_new_dataheader(0,0);
if( !header->data ) goto error;
header->streams = (rmff_mdpr_t**) malloc(sizeof(rmff_mdpr_t*)*(desc->stream_count+1));
header->streams = calloc( desc->stream_count+1, sizeof(rmff_mdpr_t*) );
if( !header->streams ) goto error;
memset(header->streams, 0, sizeof(rmff_mdpr_t*)*(desc->stream_count+1));
lprintf("number of streams: %u\n", desc->stream_count);
for (i=0; i<desc->stream_count; i++) {
......@@ -471,7 +469,7 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
lprintf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth);
n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches);
n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches, sizeof(rulematches)/sizeof(rulematches[0]));
for (j=0; j<n; j++) {
lprintf("asmrp rule match: %u for stream %u\n", rulematches[j], desc->stream[i]->stream_id);
sprintf(b,"stream=%u;rule=%u,", desc->stream[i]->stream_id, rulematches[j]);
......
......@@ -48,6 +48,6 @@ int real_get_rdt_chunk_header(rtsp_client_t *, rmff_pheader_t *);
int real_get_rdt_chunk(rtsp_client_t *, rmff_pheader_t *, unsigned char **);
rmff_header_t *real_setup_and_get_header(rtsp_client_t *, int bandwidth);
int asmrp_match(const char *rules, int bandwidth, int *matches) ;
int asmrp_match(const char *rules, int bandwidth, int *matches, int matchsize) ;
#endif
......@@ -94,7 +94,7 @@ static asmrp_t *asmrp_new (void ) {
p->sym_tab_num = 0;
p->sym = ASMRP_SYM_NONE;
p->buf = 0;
p->buf = NULL;
return p;
}
......@@ -595,7 +595,7 @@ static int asmrp_rule (asmrp_t *p) {
return ret;
}
static int asmrp_eval (asmrp_t *p, int *matches) {
static int asmrp_eval (asmrp_t *p, int *matches, int matchsize) {
int rule_num, num_matches;
......@@ -604,7 +604,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) {
asmrp_get_sym (p);
rule_num = 0; num_matches = 0;
while (p->sym != ASMRP_SYM_EOF) {
while (p->sym != ASMRP_SYM_EOF && num_matches < matchsize - 1) {
if (asmrp_rule (p)) {
lprintf ("rule #%d is true\n", rule_num);
......@@ -620,7 +620,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) {
return num_matches;
}
int asmrp_match (const char *rules, int bandwidth, int *matches) {
int asmrp_match (const char *rules, int bandwidth, int *matches, int matchsize) {
asmrp_t *p;
int num_matches;
......@@ -632,7 +632,7 @@ int asmrp_match (const char *rules, int bandwidth, int *matches) {
asmrp_set_id (p, "Bandwidth", bandwidth);
asmrp_set_id (p, "OldPNMPlayer", 0);
num_matches = asmrp_eval (p, matches);
num_matches = asmrp_eval (p, matches, matchsize);
asmrp_dispose (p);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment