Commit 81ef5192 authored by Martin Storsjö's avatar Martin Storsjö

rtpdec: Limit writing to the buffer size

This fixes potential buffer overwrites.
Signed-off-by: 's avatarMartin Storsjö <martin@martin.st>
parent 48238fd0
...@@ -531,7 +531,7 @@ static int rtp_parse_packet_internal(RTPDemuxContext *s, AVPacket *pkt, ...@@ -531,7 +531,7 @@ static int rtp_parse_packet_internal(RTPDemuxContext *s, AVPacket *pkt,
if (ret < 0) if (ret < 0)
return AVERROR(EAGAIN); return AVERROR(EAGAIN);
if (ret < len) { if (ret < len) {
s->read_buf_size = len - ret; s->read_buf_size = FFMIN(len - ret, sizeof(s->buf));
memcpy(s->buf, buf + ret, s->read_buf_size); memcpy(s->buf, buf + ret, s->read_buf_size);
s->read_buf_index = 0; s->read_buf_index = 0;
return 1; return 1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment