From f865a1394153c4ac71e759c947407bd3977b052c Mon Sep 17 00:00:00 2001 From: rtogni Date: Sun, 31 Dec 2006 13:27:53 +0000 Subject: Fix potential buffer overflow in asm rules matching code git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@21799 b3059339-0415-0410-9bf9-f77b7e298cf2 --- stream/realrtsp/asmrp.c | 8 ++++++-- stream/realrtsp/asmrp.h | 2 ++ stream/realrtsp/real.c | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'stream') diff --git a/stream/realrtsp/asmrp.c b/stream/realrtsp/asmrp.c index ae21e5a624..ec86afae77 100644 --- a/stream/realrtsp/asmrp.c +++ b/stream/realrtsp/asmrp.c @@ -41,6 +41,7 @@ #include #include #include "mp_msg.h" +#include "asmrp.h" /* #define LOG @@ -646,8 +647,11 @@ static int asmrp_eval (asmrp_t *p, int *matches) { #ifdef LOG printf ("rule #%d is true\n", rule_num); #endif - matches[num_matches] = rule_num; - num_matches++; + if(num_matches < MAX_RULEMATCHES - 1) + matches[num_matches++] = rule_num; + else + mp_msg(MSGT_STREAM, MSGL_ERR, + "Ignoring matched asm rule %d, too many matched rules.\n", rule_num); } rule_num++; diff --git a/stream/realrtsp/asmrp.h b/stream/realrtsp/asmrp.h index 7cbd37d74a..ab80898c98 100644 --- a/stream/realrtsp/asmrp.h +++ b/stream/realrtsp/asmrp.h @@ -40,6 +40,8 @@ #ifndef HAVE_ASMRP_H #define HAVE_ASMRP_H +#define MAX_RULEMATCHES 16 + int asmrp_match (const char *rules, int bandwidth, int *matches) ; #endif diff --git a/stream/realrtsp/real.c b/stream/realrtsp/real.c index a0c92a87fc..84a3cdd18f 100644 --- a/stream/realrtsp/real.c +++ b/stream/realrtsp/real.c @@ -275,7 +275,7 @@ static rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t b int j=0; int n; char b[64]; - int rulematches[16]; + int rulematches[MAX_RULEMATCHES]; #ifdef LOG printf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth); -- cgit v1.2.3