modules/services_discovery/sap.c: avoid out-of-bounds write
After OpenDemux reads data using stream_Read(), it writes a '\0' to
the buffer after the newly-read data, but if the stream returned exactly
i_read_max bytes, this '\0' will end up just past the end of the allocated
psz_sdp array (see the call to realloc at the beginning of the loop).
Adjust the realloc call to allocate this one extra byte.
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
(cherry picked from commit dee928705dd32839317dca0e77089b02dd720763)
Showing
Please register or sign in to comment