diff options
author | Liong Sauw Ming <ming@teluu.com> | 2012-10-12 06:19:32 +0000 |
---|---|---|
committer | Liong Sauw Ming <ming@teluu.com> | 2012-10-12 06:19:32 +0000 |
commit | 41a256200fd0bb16cc81f6d128758bff748739ef (patch) | |
tree | 2075827bd50c90da0bf6eb0dbd4a12a33fe90c2b /pjmedia | |
parent | 6516f9d1c6caaa11b3d8c6df9b0b8c66c8d29c74 (diff) |
Re #1559: Fixed potential buffer overflow when duplicating the string
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4283 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjmedia')
-rw-r--r-- | pjmedia/src/pjmedia-audiodev/alsa_dev.c | 2 | ||||
-rw-r--r-- | pjmedia/src/pjmedia/rtcp.c | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/pjmedia/src/pjmedia-audiodev/alsa_dev.c b/pjmedia/src/pjmedia-audiodev/alsa_dev.c index 5bcdedf0..efda3190 100644 --- a/pjmedia/src/pjmedia-audiodev/alsa_dev.c +++ b/pjmedia/src/pjmedia-audiodev/alsa_dev.c @@ -232,7 +232,7 @@ static pj_status_t add_dev (struct alsa_factory *af, const char *dev_name) pj_bzero(adi, sizeof(*adi)); /* Set device name */ - strcpy(adi->name, dev_name); + strncpy(adi->name, dev_name, sizeof(adi->name)); /* Check the number of playback channels */ adi->output_count = (pb_result>=0) ? 1 : 0; diff --git a/pjmedia/src/pjmedia/rtcp.c b/pjmedia/src/pjmedia/rtcp.c index 52274155..f45b8a60 100644 --- a/pjmedia/src/pjmedia/rtcp.c +++ b/pjmedia/src/pjmedia/rtcp.c @@ -752,7 +752,8 @@ static void parse_rtcp_bye(pjmedia_rtcp_session *sess, /* Check and get BYE reason */ if (size > 8) { - reason.slen = *((pj_uint8_t*)pkt+8); + reason.slen = PJ_MIN(sizeof(sess->stat.peer_sdes_buf_), + *((pj_uint8_t*)pkt+8)); pj_memcpy(sess->stat.peer_sdes_buf_, ((pj_uint8_t*)pkt+9), reason.slen); reason.ptr = sess->stat.peer_sdes_buf_; |