rtpdec: Limit writing to the buffer size

This fixes potential buffer overwrites. Signed-off-by: Martin Storsjö <martin@martin.st>

rtpdec: Limit writing to the buffer size
This fixes potential buffer overwrites. Signed-off-by: Martin Storsjö <martin@martin.st>
81ef5192 · Martin Storsjö · 48238fd0 · 81ef5192
Commit 81ef5192 authored Dec 11, 2012 by Martin Storsjö
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

rtpdec.c libavformat/rtpdec.c +1 -1

No files found.
--- a/libavformat/rtpdec.c
+++ b/libavformat/rtpdec.c
@@ -531,7 +531,7 @@ static int rtp_parse_packet_internal(RTPDemuxContext *s, AVPacket *pkt,
        if (ret < 0)
            return AVERROR(EAGAIN);
        if (ret < len) {
-            s->read_buf_size = len - ret;
+            s->read_buf_size = FFMIN(len - ret, sizeof(s->buf));
            memcpy(s->buf, buf + ret, s->read_buf_size);
            s->read_buf_index = 0;
            return 1;