Commit b1801217 authored by Marvin Scholz's avatar Marvin Scholz Committed by Jean-Baptiste Kempf

access/http: Fix off-by-one in ICY parser

This fixes a off-by-one issue in the ICY parser that would happen in the
case the ICY metadata is unquoted. (StreamTitle=test;).
With empty metadata without ; (StreamTitle=) this would lead to a buffer
over-read.

Credit to Filip Roséen who discovered this issue.
Signed-off-by: Jean-Baptiste Kempf's avatarJean-Baptiste Kempf <jb@videolan.org>
parent cb751409
......@@ -525,18 +525,19 @@ static int ReadICYMeta( stream_t *p_access )
psz = strchr( &p[1], ';' );
if( psz ) *psz = '\0';
p++;
}
else
{
char *psz = strchr( &p[1], ';' );
char *psz = strchr( p, ';' );
if( psz ) *psz = '\0';
}
if( !p_sys->psz_icy_title ||
strcmp( p_sys->psz_icy_title, &p[1] ) )
strcmp( p_sys->psz_icy_title, p ) )
{
free( p_sys->psz_icy_title );
char *psz_tmp = strdup( &p[1] );
char *psz_tmp = strdup( p );
p_sys->psz_icy_title = EnsureUTF8( psz_tmp );
if( !p_sys->psz_icy_title )
free( psz_tmp );
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment