rtsp: Set the real_setup pointer properly, avoid out of bounds memory accesses
authorYuriy Kaminskiy <yumkam@mail.ru>
Sat, 6 Nov 2010 23:26:49 +0000 (23:26 +0000)
committerMartin Storsjö <martin@martin.st>
Sat, 6 Nov 2010 23:26:49 +0000 (23:26 +0000)
This fixes a regression since svn rev 24752, where the real_setup pointer
was set incorrectly. The arithmetic with the real_setup_cache pointer
is in units of enum AVDiscard, so the sizeof multiplication should be removed.

Patch by Yuriy Kaminskiy, yumkam at mail dot ru.

Originally committed as revision 25684 to svn://svn.ffmpeg.org/ffmpeg/trunk

libavformat/rtspdec.c

index d2f49a4..fd74b08 100644 (file)
@@ -136,7 +136,7 @@ static int rtsp_read_header(AVFormatContext *s,
     rt->real_setup_cache = av_mallocz(2 * s->nb_streams * sizeof(*rt->real_setup_cache));
     if (!rt->real_setup_cache)
         return AVERROR(ENOMEM);
-    rt->real_setup = rt->real_setup_cache + s->nb_streams * sizeof(*rt->real_setup);
+    rt->real_setup = rt->real_setup_cache + s->nb_streams;
 
     if (ap->initial_pause) {
          /* do not start immediately */