Comment 2 for bug 70664

Peter Gubis (manaz) wrote :

Hello,

I already found a problem in the vlc source tree and fixed it. Could somebody also fix it in the distribution's package? The problem is in improper handling of the buffer during SDP packet decompression. To solve the problem you need to do the following:

File modules/services_discovery/sap.c, line 703:

        i_decompressed_size = Decompress( (uint8_t *)psz_sdp,
                   &p_decompressed_buffer, i_read - ( psz_sdp - (char *)p_buffer ) );
        if( i_decompressed_size > 0 )
        {
            psz_sdp = (char *)p_decompressed_buffer;
            realloc( p_decompressed_buffer, i_decompressed_size++ );
            psz_sdp[i_decompressed_size] = '\0';
        }

Update it to:

        i_decompressed_size = Decompress( (uint8_t *)psz_sdp,
                   &p_decompressed_buffer, i_read - ( psz_sdp - (char *)p_buffer ) );
        if( i_decompressed_size > 0 )
        {
            psz_sdp = (char *)p_decompressed_buffer;
            psz_sdp = realloc( p_decompressed_buffer, i_decompressed_size+1 );
            psz_sdp[i_decompressed_size] = '\0';
        }

The problem is this line of code:

        realloc( p_decompressed_buffer, i_decompressed_size++ );

vs.

        psz_sdp = realloc( p_decompressed_buffer, i_decompressed_size+1 );

Best regards,
Peter.
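
The pattern behind the fix above, as a stand-alone added example (not code from VLC or from the comment): realloc's return value is kept because the block may move, and the request is for size + 1 bytes so the terminator lands inside the allocation. The helper name `terminate_buffer`, the demo function and the sample SDP text are assumptions made for illustration; the helper also checks for allocation failure.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from VLC): take ownership of a heap buffer holding
 * `len` bytes of decompressed data and return it as a NUL-terminated string.
 * On failure the original buffer is freed and NULL is returned. */
char *terminate_buffer(uint8_t *buf, size_t len)
{
    if (buf == NULL || len == SIZE_MAX) {   /* len + 1 would wrap to 0 */
        free(buf);
        return NULL;
    }
    /* realloc may move the block: only its return value is valid afterwards.
     * Ignoring it, as in realloc(p, n++), leaves the caller with a pointer
     * that may be dangling and a block of n bytes indexed at n + 1. */
    char *grown = realloc(buf, len + 1);
    if (grown == NULL) {
        free(buf);          /* on failure the old block is still allocated */
        return NULL;
    }
    grown[len] = '\0';      /* last valid index of a (len + 1)-byte block */
    return grown;
}

/* Constructed sample standing in for the output of a decompressor.
 * Returns 0 when the terminated string matches the sample exactly. */
int demo_terminate(void)
{
    static const char sample[] = "v=0\r\ns=constructed session\r\n";
    size_t len = sizeof(sample) - 1;
    uint8_t *raw = malloc(len);
    if (raw == NULL)
        return -1;
    memcpy(raw, sample, len);   /* no terminator, like raw decompressed data */
    char *sdp = terminate_buffer(raw, len);
    if (sdp == NULL)
        return -1;
    int ok = strlen(sdp) == len && memcmp(sdp, sample, len + 1) == 0;
    free(sdp);
    return ok ? 0 : 1;
}
```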