[FFmpeg-trac] #2292(avformat:new): Crash: Buffer overflow in rtmp_open() [libavformat/rtmpproto.c]

FFmpeg trac at avcodec.org
Wed Feb 20 23:28:12 CET 2013


#2292: Crash: Buffer overflow in rtmp_open() [libavformat/rtmpproto.c]
-----------------------------------+---------------------------------------
             Reporter:  marcel123  |                     Type:  defect
               Status:  new        |                 Priority:  normal
            Component:  avformat   |                  Version:  unspecified
             Keywords:  RTMP       |               Blocked By:
             Blocking:             |  Reproduced by developer:  0
Analyzed by developer:  0          |
-----------------------------------+---------------------------------------
 I have been working with RTMP streaming to YouTube. The URLs that YouTube
 generates when creating their "Live Events" are very long. I was getting a
 heap corruption which I tracked down to the following:

 In rtmpproto.c

 #define APP_MAX_LENGTH 128

 YouTube generates URLs where the app portion of the URL is usually longer
 than 128 bytes. The code in rtmp_open() only allocates APP_MAX_LENGTH
 bytes and does not check for an overflow. As a result, the long YouTube
 RTMP URL is causing a heap corruption.

 I verified that allocating the appropriate size buffer does fix the
 problem I was seeing.

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2292>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker


More information about the FFmpeg-trac mailing list