[FFmpeg-trac] #2292(avformat:new): Crash: Buffer overflow in rtmp_open() [libavformat/rtmpproto.c]
FFmpeg
trac at avcodec.org
Wed Feb 20 23:28:12 CET 2013
#2292: Crash: Buffer overflow in rtmp_open() [libavformat/rtmpproto.c]
-----------------------------------+---------------------------------------
Reporter: marcel123 | Type: defect
Status: new | Priority: normal
Component: avformat | Version: unspecified
Keywords: RTMP | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+---------------------------------------
I have been working with RTMP streaming to YouTube. The URLs that YouTube
generates when creating their "Live Events" are very long. I was getting a
heap corruption which I tracked down to the following:
In rtmpproto.c
#define APP_MAX_LENGTH 128
YouTube generates URLs where the app portion of the URL is usually longer
than 128 bytes. The code in rtmp_open() only allocates APP_MAX_LENGTH
bytes and does not check for an overflow. As a result, the long YouTube
RTMP URL is causing a heap corruption.
I verified that allocating the appropriate size buffer does fix the
problem I was seeing.
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2292>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list