New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RTSP: avoid integer overflow on funny RTSP response #1969

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
2 participants
@bagder
Member

bagder commented Oct 8, 2017

... like a very large non-existing RTSP version number.

Added test 577 to verify.

Detected by OSS-fuzz.

Show outdated Hide outdated lib/http.c
# Server-side
<reply>
<data>
RTSP/1.1234567 200 OK

This comment has been minimized.

@cmeister2

cmeister2 Oct 8, 2017

Contributor

Your sscanf has wall coming from %d. Is "OK" going to be matched by %d?

@cmeister2

cmeister2 Oct 8, 2017

Contributor

Your sscanf has wall coming from %d. Is "OK" going to be matched by %d?

RTSP: avoid integer overflow on funny RTSP response
... like a very large non-existing RTSP version number.

Added test 577 to verify.

Detected by OSS-fuzz.

@bagder bagder closed this in 232dffc Oct 8, 2017

@bagder bagder deleted the bagder/rtsp-integer-overflow branch Oct 8, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment