This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit 3872c1ff80b330fb86e1f08d645734b6bcc49fce Author: Michael Niedermayer <[email protected]> AuthorDate: Tue May 19 09:40:41 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 14 20:01:26 2026 +0200 avformat/rtspdec: bound Content-Length in the ANNOUNCE handler to SDP_MAX_SIZE Reported by Franciszek Kalinowski (isec.pl / striga.ai) and Bartosz Smigielski. (cherry picked from commit 6049b4d7bc2be61cc91a1c412382b169697ca3c9) Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 150fbc76f53d71d0a720cd53cb907d40bf783a35) --- libavformat/rtspdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/rtspdec.c b/libavformat/rtspdec.c index 75429172c3..c9bd90e8d4 100644 --- a/libavformat/rtspdec.c +++ b/libavformat/rtspdec.c @@ -188,7 +188,7 @@ static int rtsp_read_announce(AVFormatContext *s) rtsp_send_reply(s, RTSP_STATUS_SERVICE, NULL, request.seq); return AVERROR_OPTION_NOT_FOUND; } - if (request.content_length > 0) { + if (request.content_length > 0 && request.content_length <= SDP_MAX_SIZE) { sdp = av_malloc(request.content_length + 1); if (!sdp) return AVERROR(ENOMEM); _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
