Commit fecd4a11 authored by Sreerenj Balachandran's avatar Sreerenj Balachandran Committed by Mark Nauwelaerts

rtsptranport: ensure valid int result when parsing ranges

Specifically, make sure that the return value of strtol is falling in
between the range of G_MININT and G_MAXINT.

Fixes #646952.
parent 3fa0119d
......@@ -269,6 +269,20 @@ parse_mode (GstRTSPTransport * transport, const gchar * str)
transport->mode_record = (strstr (str, "record") != NULL);
}
static gboolean
check_range (const gchar * str, gchar ** tmp, gint * range)
{
glong range_val;
range_val = strtol (str, tmp, 10);
if (range_val >= G_MININT && range_val <= G_MAXINT) {
*range = range_val;
return TRUE;
} else {
return FALSE;
}
}
static gboolean
parse_range (const gchar * str, GstRTSPRange * range)
{
......@@ -286,16 +300,14 @@ parse_range (const gchar * str, GstRTSPRange * range)
if (g_ascii_isspace (minus[1]) || minus[1] == '+' || minus[1] == '-')
goto invalid_range;
range->min = strtol (str, &tmp, 10);
if (str == tmp || tmp != minus)
if (!check_range (str, &tmp, &range->min) || str == tmp || tmp != minus)
goto invalid_range;
range->max = strtol (minus + 1, &tmp, 10);
if (*tmp && *tmp != ';')
if (!check_range (minus + 1, &tmp, &range->max) || (*tmp && *tmp != ';'))
goto invalid_range;
} else {
range->min = strtol (str, &tmp, 10);
if (str == tmp || (*tmp && *tmp != ';'))
if (!check_range (str, &tmp, &range->min) || str == tmp ||
(*tmp && *tmp != ';'))
goto invalid_range;
range->max = -1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment