Commit a01be865 authored by Rémi Duraffort's avatar Rémi Duraffort

realrtsp: don't write outside a static buffer.

parent 3e7b45b0
...@@ -442,10 +442,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt ...@@ -442,10 +442,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
buf= (char *)malloc(2048); buf= (char *)malloc(2048);
if( !buf ) goto error; if( !buf ) goto error;
header = (rmff_header_t*)malloc(sizeof(rmff_header_t)); header = calloc( 1, sizeof(rmff_header_t) );
if( !header ) goto error; if( !header ) goto error;
memset(header, 0, sizeof(rmff_header_t));
header->fileheader=rmff_new_fileheader(4+desc->stream_count); header->fileheader=rmff_new_fileheader(4+desc->stream_count);
header->cont=rmff_new_cont( header->cont=rmff_new_cont(
desc->title, desc->title,
...@@ -456,10 +455,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt ...@@ -456,10 +455,9 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
header->data=rmff_new_dataheader(0,0); header->data=rmff_new_dataheader(0,0);
if( !header->data ) goto error; if( !header->data ) goto error;
header->streams = (rmff_mdpr_t**) malloc(sizeof(rmff_mdpr_t*)*(desc->stream_count+1)); header->streams = calloc( desc->stream_count+1, sizeof(rmff_mdpr_t*) );
if( !header->streams ) goto error; if( !header->streams ) goto error;
memset(header->streams, 0, sizeof(rmff_mdpr_t*)*(desc->stream_count+1));
lprintf("number of streams: %u\n", desc->stream_count); lprintf("number of streams: %u\n", desc->stream_count);
for (i=0; i<desc->stream_count; i++) { for (i=0; i<desc->stream_count; i++) {
...@@ -471,7 +469,7 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt ...@@ -471,7 +469,7 @@ rmff_header_t *real_parse_sdp(char *data, char **stream_rules, uint32_t bandwidt
lprintf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth); lprintf("calling asmrp_match with:\n%s\n%u\n", desc->stream[i]->asm_rule_book, bandwidth);
n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches); n=asmrp_match(desc->stream[i]->asm_rule_book, bandwidth, rulematches, sizeof(rulematches)/sizeof(rulematches[0]));
for (j=0; j<n; j++) { for (j=0; j<n; j++) {
lprintf("asmrp rule match: %u for stream %u\n", rulematches[j], desc->stream[i]->stream_id); lprintf("asmrp rule match: %u for stream %u\n", rulematches[j], desc->stream[i]->stream_id);
sprintf(b,"stream=%u;rule=%u,", desc->stream[i]->stream_id, rulematches[j]); sprintf(b,"stream=%u;rule=%u,", desc->stream[i]->stream_id, rulematches[j]);
......
...@@ -48,6 +48,6 @@ int real_get_rdt_chunk_header(rtsp_client_t *, rmff_pheader_t *); ...@@ -48,6 +48,6 @@ int real_get_rdt_chunk_header(rtsp_client_t *, rmff_pheader_t *);
int real_get_rdt_chunk(rtsp_client_t *, rmff_pheader_t *, unsigned char **); int real_get_rdt_chunk(rtsp_client_t *, rmff_pheader_t *, unsigned char **);
rmff_header_t *real_setup_and_get_header(rtsp_client_t *, int bandwidth); rmff_header_t *real_setup_and_get_header(rtsp_client_t *, int bandwidth);
int asmrp_match(const char *rules, int bandwidth, int *matches) ; int asmrp_match(const char *rules, int bandwidth, int *matches, int matchsize) ;
#endif #endif
...@@ -94,7 +94,7 @@ static asmrp_t *asmrp_new (void ) { ...@@ -94,7 +94,7 @@ static asmrp_t *asmrp_new (void ) {
p->sym_tab_num = 0; p->sym_tab_num = 0;
p->sym = ASMRP_SYM_NONE; p->sym = ASMRP_SYM_NONE;
p->buf = 0; p->buf = NULL;
return p; return p;
} }
...@@ -595,7 +595,7 @@ static int asmrp_rule (asmrp_t *p) { ...@@ -595,7 +595,7 @@ static int asmrp_rule (asmrp_t *p) {
return ret; return ret;
} }
static int asmrp_eval (asmrp_t *p, int *matches) { static int asmrp_eval (asmrp_t *p, int *matches, int matchsize) {
int rule_num, num_matches; int rule_num, num_matches;
...@@ -604,7 +604,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) { ...@@ -604,7 +604,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) {
asmrp_get_sym (p); asmrp_get_sym (p);
rule_num = 0; num_matches = 0; rule_num = 0; num_matches = 0;
while (p->sym != ASMRP_SYM_EOF) { while (p->sym != ASMRP_SYM_EOF && num_matches < matchsize - 1) {
if (asmrp_rule (p)) { if (asmrp_rule (p)) {
lprintf ("rule #%d is true\n", rule_num); lprintf ("rule #%d is true\n", rule_num);
...@@ -620,7 +620,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) { ...@@ -620,7 +620,7 @@ static int asmrp_eval (asmrp_t *p, int *matches) {
return num_matches; return num_matches;
} }
int asmrp_match (const char *rules, int bandwidth, int *matches) { int asmrp_match (const char *rules, int bandwidth, int *matches, int matchsize) {
asmrp_t *p; asmrp_t *p;
int num_matches; int num_matches;
...@@ -632,7 +632,7 @@ int asmrp_match (const char *rules, int bandwidth, int *matches) { ...@@ -632,7 +632,7 @@ int asmrp_match (const char *rules, int bandwidth, int *matches) {
asmrp_set_id (p, "Bandwidth", bandwidth); asmrp_set_id (p, "Bandwidth", bandwidth);
asmrp_set_id (p, "OldPNMPlayer", 0); asmrp_set_id (p, "OldPNMPlayer", 0);
num_matches = asmrp_eval (p, matches); num_matches = asmrp_eval (p, matches, matchsize);
asmrp_dispose (p); asmrp_dispose (p);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment