From 6b4165643dcfbf6ead55c00f68406874d7e1a9d4 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 8 May 2024 04:07:40 +0200
Subject: [PATCH] avformat/sdp: Check before appending ","

Found by reviewing code related to CID1500301 String not null terminated

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b82852519e92a2b94de0f22da1a81df5b3e0412)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/sdp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/sdp.c b/libavformat/sdp.c
index 6888936290..69e285afe6 100644
--- a/libavformat/sdp.c
+++ b/libavformat/sdp.c
@@ -202,6 +202,8 @@ static int extradata2psets(AVFormatContext *s, const AVCodecParameters *par,
             continue;
         }
         if (p != (psets + strlen(pset_string))) {
+            if (p - psets >= MAX_PSET_SIZE)
+                goto fail_in_loop;
             *p = ',';
             p++;
         }
@@ -212,6 +214,7 @@ static int extradata2psets(AVFormatContext *s, const AVCodecParameters *par,
         if (!av_base64_encode(p, MAX_PSET_SIZE - (p - psets), r, r1 - r)) {
             av_log(s, AV_LOG_ERROR, "Cannot Base64-encode %"PTRDIFF_SPECIFIER" %"PTRDIFF_SPECIFIER"!\n",
                    MAX_PSET_SIZE - (p - psets), r1 - r);
+fail_in_loop:
             av_free(psets);
             av_free(tmpbuf);