Ticket #2292 (closed defect: fixed)
Crash: Buffer overflow in rtmp_open() [libavformat/rtmpproto.c]
|Reported by:||marcel123||Owned by:|
|Blocking:||Reproduced by developer:||no|
|Analyzed by developer:||no|
I have been working with RTMP streaming to YouTube?. The URLs that YouTube? generates when creating their "Live Events" are very long. I was getting a heap corruption which I tracked down to the following:
#define APP_MAX_LENGTH 128
YouTube? generates URLs where the app portion of the URL is usually longer than 128 bytes. The code in rtmp_open() only allocates APP_MAX_LENGTH bytes and does not check for an overflow. As a result, the long YouTube? RTMP URL is causing a heap corruption.
I verified that allocating the appropriate size buffer does fix the problem I was seeing.
- Cc msamek@… added
- Version changed from unspecified to 1.1.2
- Priority changed from normal to important
- Version changed from 1.1.2 to git-master