tmpName = (char*)gf_malloc(sizeof(char) * to_read);
if (!tmpName) return GF_OUT_OF_MEM;
//get the data
gf_bs_read_data(bs, tmpName, to_read);
//then get the break
i = 0;
while ( (tmpName[i] != 0) && (i < to_read) ) {
i++;
}
When you end the while loop, you access tmpName[to_read + 1], causing a heap overflow. You should change it like this:
while ( (i < to_read)&& (tmpName[i] != 0) ) {
i++;
}
box_code_base.c line 635 has a heap overflow.
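As an added illustration (not code from the GPAC source or from the reporter), the C program below compares the two operand orders of the loop condition using an instrumented read that records an out-of-bounds access instead of performing it. The names `probe`, `scan_value_first`, `scan_bound_first` and `terminator_index` are hypothetical, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample payloads (not taken from a real file). */
static const char sample_with_nul[6] = {'n', 'a', 'm', 'e', 0, 'x'};
static const char sample_no_nul[4]   = {'a', 'b', 'c', 'd'};

static size_t oob_reads; /* reads attempted at an index >= len */

/* Instrumented read: never dereferences past len, records the attempt instead. */
static char probe(const char *buf, size_t len, size_t i) {
    if (i >= len) { oob_reads++; return 1; } /* assume the adjacent byte is non-zero */
    return buf[i];
}

/* Order from the report: the byte is read before the index is checked. */
size_t scan_value_first(const char *buf, size_t len) {
    size_t i = 0;
    oob_reads = 0;
    while ((probe(buf, len, i) != 0) && (i < len)) i++;
    return oob_reads;
}

/* Proposed order: && short-circuits, so the byte is read only when i < len. */
size_t scan_bound_first(const char *buf, size_t len) {
    size_t i = 0;
    oob_reads = 0;
    while ((i < len) && (probe(buf, len, i) != 0)) i++;
    return oob_reads;
}

/* Bounded search with memchr; returns len when no terminator exists,
   which a caller should treat as malformed input. */
size_t terminator_index(const char *buf, size_t len) {
    const char *nul = memchr(buf, 0, len);
    return nul ? (size_t)(nul - buf) : len;
}

int main(void) {
    printf("value-first, no NUL: %zu out-of-bounds read(s)\n",
           scan_value_first(sample_no_nul, sizeof sample_no_nul));
    printf("bound-first, no NUL: %zu out-of-bounds read(s)\n",
           scan_bound_first(sample_no_nul, sizeof sample_no_nul));
    printf("terminator index (with NUL): %zu\n",
           terminator_index(sample_with_nul, sizeof sample_with_nul));
    return 0;
}
```

The out-of-bounds read only occurs when the buffer holds no zero byte, so a regression test for the fix needs an input whose string is unterminated within `to_read` bytes.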