[Live-devel] [PATCH] overflow in getResponse1()
Martin Bonnin
martinbonnin at gmail.com
Tue Feb 9 13:06:39 PST 2010
Hello all,

getResponse1() can overflow by one byte when called from
setupMediaSubsession().

The reason is that the 'responseBufferSize' does not include the ending
'\0' (see responseBuffer[bytesRead] = '\0' in RTSPClient.cpp around line
2195).

The attached patch allocates one byte more, like fResponseBuffer does, so
that it is safe to call getResponse1().

Best Regards,
--
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: one_byte_overflow.patch
Type: text/x-patch
Size: 591 bytes
Desc: not available
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20100209/5f4bd979/attachment-0001.bin>
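
The off-by-one described in the message above, as an added example that is not part of the original post, the attached patch, or the live555 code. The names `read_response`, `caller_exact` and `caller_plus_one` are hypothetical, the sample response is constructed, and the reader is told the real allocation size so it can report the out-of-bounds terminator write instead of performing it.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a reader that follows the pattern in the message:
 * it accepts up to `size` payload bytes, then writes '\0' at buf[bytes_read].
 * `allocated` is the real size of buf, passed only so this demo can report
 * the bad write rather than commit it. Assumes allocated >= size.
 * Returns bytes read, or -1 if the terminator would land past the buffer. */
static long read_response(char *buf, size_t allocated, size_t size,
                          const char *wire, size_t wire_len)
{
    size_t bytes_read = wire_len < size ? wire_len : size;
    memcpy(buf, wire, bytes_read);   /* payload itself always fits in `size` */
    if (bytes_read >= allocated)     /* index of '\0' is outside the buffer */
        return -1;
    buf[bytes_read] = '\0';
    return (long)bytes_read;
}

/* Caller that allocates exactly `size` bytes: no room for the terminator. */
long caller_exact(size_t size, const char *wire, size_t wire_len)
{
    char *buf = malloc(size);
    if (buf == NULL) return -2;
    long r = read_response(buf, size, size, wire, wire_len);
    free(buf);
    return r;
}

/* Caller that reserves one extra byte, the approach the message describes. */
long caller_plus_one(size_t size, const char *wire, size_t wire_len)
{
    char *buf = malloc(size + 1);
    if (buf == NULL) return -2;
    long r = read_response(buf, size + 1, size, wire, wire_len);
    free(buf);
    return r;
}

int main(void)
{
    const char wire[] = "RTSP/1.0 200 OK\r\n";  /* constructed, 17 bytes */
    size_t n = sizeof wire - 1;
    /* Exit 0 when a short response is fine for both callers and only a
     * response that fills the buffer trips the exact-size caller. */
    return !(caller_exact(64, wire, n) == 17 &&
             caller_exact(8, wire, n) == -1 &&
             caller_plus_one(8, wire, n) == 8);
}
```

The exact-size caller only fails when the response fills the whole buffer, which is why this class of bug tends to survive ordinary testing with short responses.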