From d034ddcd1f6cdd5528f02db38cf3552301bef1a4 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 23 Feb 2013 16:58:01 +0100
Subject: [PATCH] rtmpproto: Check APP_MAX_LENGTH

Fixes Ticket2292

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 02ac3398eb52679301028c2fd3ebad1b6261b4da)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/rtmpproto.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index e23dd2db41..090d8ec5bb 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -2156,16 +2156,20 @@ static int rtmp_open(URLContext *s, const char *uri, int flags)
             fname = strchr(p + 1, '/');
             if (!fname || (c && c < fname)) {
                 fname = p + 1;
-                av_strlcpy(rt->app, path + 1, p - path);
+                av_strlcpy(rt->app, path + 1, FFMIN(p - path, APP_MAX_LENGTH));
             } else {
                 fname++;
-                av_strlcpy(rt->app, path + 1, fname - path - 1);
+                av_strlcpy(rt->app, path + 1, FFMIN(fname - path - 1, APP_MAX_LENGTH));
             }
         }
     }
 
     if (old_app) {
         // The name of application has been defined by the user, override it.
+        if (strlen(old_app) >= APP_MAX_LENGTH) {
+            ret = AVERROR(EINVAL);
+            goto fail;
+        }
         av_free(rt->app);
         rt->app = old_app;
     }