mirror of https://github.com/mpv-player/mpv
More bounds checking fixes (thnaks to Miguel Freitas)
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@12272 b3059339-0415-0410-9bf9-f77b7e298cf2
This commit is contained in:
rtognimp
parent
4f80127142
commit
d547053b43
|
|
@ -661,7 +661,7 @@ int real_get_rdt_chunk(rtsp_t *rtsp_session, char **buffer) {
|
||||||
size-=12;
|
size-=12;
|
||||||
n=rtsp_read_data(rtsp_session, (*buffer)+12, size);
|
n=rtsp_read_data(rtsp_session, (*buffer)+12, size);
|
||||||
|
|
||||||
return n+12;
|
return (n <= 0) ? 0 : n+12;
|
||||||
}
|
}
|
||||||
|
|
||||||
int convert_timestamp(char *str, int *sec, int *msec) {
|
int convert_timestamp(char *str, int *sec, int *msec) {
|
||||||
|
|
@ -744,7 +744,10 @@ rmff_header_t *real_setup_and_get_header(rtsp_t *rtsp_session, uint32_t bandwid
|
||||||
|
|
||||||
description=malloc(sizeof(char)*(size+1));
|
description=malloc(sizeof(char)*(size+1));
|
||||||
|
|
||||||
rtsp_read_data(rtsp_session, description, size);
|
if( rtsp_read_data(rtsp_session, description, size) <= 0) {
|
||||||
|
buf = xbuffer_free(buf);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
description[size]=0;
|
description[size]=0;
|
||||||
|
|
||||||
/* parse sdp (sdpplin) and create a header and a subscribe string */
|
/* parse sdp (sdpplin) and create a header and a subscribe string */
|
||||||
|
|
|
||||||
|
|
@ -73,8 +73,6 @@ struct rtsp_s {
|
||||||
unsigned int server_state;
|
unsigned int server_state;
|
||||||
uint32_t server_caps;
|
uint32_t server_caps;
|
||||||
|
|
||||||
char buffer[BUF_SIZE]; /* scratch buffer */
|
|
||||||
|
|
||||||
unsigned int cseq;
|
unsigned int cseq;
|
||||||
char *session;
|
char *session;
|
||||||
|
|
||||||
|
|
@ -271,11 +269,12 @@ static void hexdump (char *buf, int length) {
|
||||||
static char *rtsp_get(rtsp_t *s) {
|
static char *rtsp_get(rtsp_t *s) {
|
||||||
|
|
||||||
int n=0;
|
int n=0;
|
||||||
char *string;
|
char *buffer = malloc(BUF_SIZE);
|
||||||
|
char *string = NULL;
|
||||||
|
|
||||||
while (n<BUF_SIZE) {
|
while (n<BUF_SIZE) {
|
||||||
read_stream(s->s, &s->buffer[n], 1);
|
read_stream(s->s, &(buffer[n]), 1);
|
||||||
if ((s->buffer[n-1]==0x0d)&&(s->buffer[n]==0x0a)) break;
|
if ((buffer[n-1]==0x0d)&&(buffer[n]==0x0a)) break;
|
||||||
n++;
|
n++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -284,7 +283,7 @@ static char *rtsp_get(rtsp_t *s) {
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
string=malloc(sizeof(char)*n);
|
string=malloc(sizeof(char)*n);
|
||||||
memcpy(string,s->buffer,n-1);
|
memcpy(string,buffer,n-1);
|
||||||
string[n-1]=0;
|
string[n-1]=0;
|
||||||
|
|
||||||
#ifdef LOG
|
#ifdef LOG
|
||||||
|
|
@ -292,6 +291,7 @@ static char *rtsp_get(rtsp_t *s) {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
free(buffer);
|
||||||
return string;
|
return string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -352,8 +352,13 @@ static int rtsp_get_code(const char *string) {
|
||||||
static void rtsp_send_request(rtsp_t *s, const char *type, const char *what) {
|
static void rtsp_send_request(rtsp_t *s, const char *type, const char *what) {
|
||||||
|
|
||||||
char **payload=s->scheduled;
|
char **payload=s->scheduled;
|
||||||
sprintf(s->buffer,"%s %s %s",type, what, rtsp_protocol_version);
|
char *buf;
|
||||||
rtsp_put(s,s->buffer);
|
|
||||||
|
buf = malloc(strlen(type)+strlen(what)+strlen(rtsp_protocol_version)+3);
|
||||||
|
|
||||||
|
sprintf(buf,"%s %s %s",type, what, rtsp_protocol_version);
|
||||||
|
rtsp_put(s,buf);
|
||||||
|
free(buf);
|
||||||
if (payload)
|
if (payload)
|
||||||
while (*payload) {
|
while (*payload) {
|
||||||
rtsp_put(s,*payload);
|
rtsp_put(s,*payload);
|
||||||
|
|
@ -369,11 +374,17 @@ static void rtsp_send_request(rtsp_t *s, const char *type, const char *what) {
|
||||||
|
|
||||||
static void rtsp_schedule_standard(rtsp_t *s) {
|
static void rtsp_schedule_standard(rtsp_t *s) {
|
||||||
|
|
||||||
sprintf(s->buffer, "Cseq: %u", s->cseq);
|
char tmp[16];
|
||||||
rtsp_schedule_field(s, s->buffer);
|
|
||||||
|
snprintf(tmp, 16, "Cseq: %u", s->cseq);
|
||||||
|
rtsp_schedule_field(s, tmp);
|
||||||
|
|
||||||
if (s->session) {
|
if (s->session) {
|
||||||
sprintf(s->buffer, "Session: %s", s->session);
|
char *buf;
|
||||||
rtsp_schedule_field(s, s->buffer);
|
buf = malloc(strlen(s->session)+15);
|
||||||
|
sprintf(buf, "Session: %s", s->session);
|
||||||
|
rtsp_schedule_field(s, buf);
|
||||||
|
free(buf);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
|
|
@ -388,6 +399,8 @@ static int rtsp_get_answers(rtsp_t *s) {
|
||||||
int code;
|
int code;
|
||||||
|
|
||||||
answer=rtsp_get(s);
|
answer=rtsp_get(s);
|
||||||
|
if (!answer)
|
||||||
|
return 0;
|
||||||
code=rtsp_get_code(answer);
|
code=rtsp_get_code(answer);
|
||||||
free(answer);
|
free(answer);
|
||||||
|
|
||||||
|
|
@ -396,6 +409,8 @@ static int rtsp_get_answers(rtsp_t *s) {
|
||||||
do { /* while we get answer lines */
|
do { /* while we get answer lines */
|
||||||
|
|
||||||
answer=rtsp_get(s);
|
answer=rtsp_get(s);
|
||||||
|
if (!answer)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (!strncmp(answer,"Cseq:",5)) {
|
if (!strncmp(answer,"Cseq:",5)) {
|
||||||
sscanf(answer,"Cseq: %u",&answer_seq);
|
sscanf(answer,"Cseq: %u",&answer_seq);
|
||||||
|
|
@ -407,26 +422,29 @@ static int rtsp_get_answers(rtsp_t *s) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!strncmp(answer,"Server:",7)) {
|
if (!strncmp(answer,"Server:",7)) {
|
||||||
sscanf(answer,"Server: %s",s->buffer);
|
char *buf = malloc(strlen(answer));
|
||||||
|
sscanf(answer,"Server: %s",buf);
|
||||||
if (s->server) free(s->server);
|
if (s->server) free(s->server);
|
||||||
s->server=strdup(s->buffer);
|
s->server=strdup(buf);
|
||||||
|
free(buf);
|
||||||
}
|
}
|
||||||
if (!strncmp(answer,"Session:",8)) {
|
if (!strncmp(answer,"Session:",8)) {
|
||||||
memset(s->buffer,0, BUF_SIZE);
|
char *buf = calloc(1, strlen(answer));
|
||||||
sscanf(answer,"Session: %s",s->buffer);
|
sscanf(answer,"Session: %s",buf);
|
||||||
if (s->session) {
|
if (s->session) {
|
||||||
if (strcmp(s->buffer, s->session)) {
|
if (strcmp(buf, s->session)) {
|
||||||
printf("rtsp: warning: setting NEW session: %s\n", s->buffer);
|
printf("rtsp: warning: setting NEW session: %s\n", buf);
|
||||||
free(s->session);
|
free(s->session);
|
||||||
s->session=strdup(s->buffer);
|
s->session=strdup(buf);
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
{
|
{
|
||||||
#ifdef LOG
|
#ifdef LOG
|
||||||
printf("rtsp: setting session id to: %s\n", s->buffer);
|
printf("rtsp: setting session id to: %s\n", s->buf);
|
||||||
#endif
|
#endif
|
||||||
s->session=strdup(s->buffer);
|
s->session=strdup(buf);
|
||||||
}
|
}
|
||||||
|
free(buf);
|
||||||
}
|
}
|
||||||
*answer_ptr=answer;
|
*answer_ptr=answer;
|
||||||
answer_ptr++;
|
answer_ptr++;
|
||||||
|
|
@ -555,13 +573,15 @@ int rtsp_read_data(rtsp_t *s, char *buffer, unsigned int size) {
|
||||||
if ((buffer[0]=='S')&&(buffer[1]=='E')&&(buffer[2]=='T')&&(buffer[3]=='_'))
|
if ((buffer[0]=='S')&&(buffer[1]=='E')&&(buffer[2]=='T')&&(buffer[3]=='_'))
|
||||||
{
|
{
|
||||||
char *rest=rtsp_get(s);
|
char *rest=rtsp_get(s);
|
||||||
/* a real server wanna play table tennis? */
|
if (!rest)
|
||||||
memcpy(s->buffer, buffer, 4);
|
return -1;
|
||||||
strcpy(s->buffer+4, rest);
|
|
||||||
seq=-1;
|
seq=-1;
|
||||||
do {
|
do {
|
||||||
free(rest);
|
free(rest);
|
||||||
rest=rtsp_get(s);
|
rest=rtsp_get(s);
|
||||||
|
if (!rest)
|
||||||
|
return -1;
|
||||||
if (!strncmp(rest,"Cseq:",5))
|
if (!strncmp(rest,"Cseq:",5))
|
||||||
sscanf(rest,"Cseq: %u",&seq);
|
sscanf(rest,"Cseq: %u",&seq);
|
||||||
} while (strlen(rest)!=0);
|
} while (strlen(rest)!=0);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue