From fecd4a115405933a2c837ae0e10770c338adbbe6 Mon Sep 17 00:00:00 2001
From: Sreerenj Balachandran <sreerenj.balachandran@nokia.com>
Date: Wed, 6 Apr 2011 22:57:41 +0300
Subject: [PATCH] rtsptranport: ensure valid int result when parsing ranges

Specifically, make sure that the return value of strtol is falling in
between the range of G_MININT and G_MAXINT.

Fixes #646952.
---
 gst-libs/gst/rtsp/gstrtsptransport.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/gst-libs/gst/rtsp/gstrtsptransport.c b/gst-libs/gst/rtsp/gstrtsptransport.c
index ad1b8e21ad..de3085ed31 100644
--- a/gst-libs/gst/rtsp/gstrtsptransport.c
+++ b/gst-libs/gst/rtsp/gstrtsptransport.c
@@ -269,6 +269,20 @@ parse_mode (GstRTSPTransport * transport, const gchar * str)
   transport->mode_record = (strstr (str, "record") != NULL);
 }
 
+static gboolean
+check_range (const gchar * str, gchar ** tmp, gint * range)
+{
+  glong range_val;
+
+  range_val = strtol (str, tmp, 10);
+  if (range_val >= G_MININT && range_val <= G_MAXINT) {
+    *range = range_val;
+    return TRUE;
+  } else {
+    return FALSE;
+  }
+}
+
 static gboolean
 parse_range (const gchar * str, GstRTSPRange * range)
 {
@@ -286,16 +300,14 @@ parse_range (const gchar * str, GstRTSPRange * range)
     if (g_ascii_isspace (minus[1]) || minus[1] == '+' || minus[1] == '-')
       goto invalid_range;
 
-    range->min = strtol (str, &tmp, 10);
-    if (str == tmp || tmp != minus)
+    if (!check_range (str, &tmp, &range->min) || str == tmp || tmp != minus)
       goto invalid_range;
 
-    range->max = strtol (minus + 1, &tmp, 10);
-    if (*tmp && *tmp != ';')
+    if (!check_range (minus + 1, &tmp, &range->max) || (*tmp && *tmp != ';'))
       goto invalid_range;
   } else {
-    range->min = strtol (str, &tmp, 10);
-    if (str == tmp || (*tmp && *tmp != ';'))
+    if (!check_range (str, &tmp, &range->min) || str == tmp ||
+        (*tmp && *tmp != ';'))
       goto invalid_range;
 
     range->max = -1;