--- stream/realrtsp/sdpplin.c.orig 2008-10-29 11:57:42.000000000 -0400 +++ stream/realrtsp/sdpplin.c 2008-10-29 12:01:49.000000000 -0400 @@ -158,7 +158,14 @@ static sdpplin_stream_t *sdpplin_parse_s handled=0; if(filter(*data,"a=control:streamid=",&buf)) { - desc->stream_id=atoi(buf); + /* This way negative values are mapped to unfeasibly high + * values, and will be discarded afterward + */ + unsigned long tmp = strtoul(buf, NULL, 10); + if ( tmp > UINT16_MAX ) + printf("stream id out of bound: %lu\n", tmp); + else + desc->stream_id=tmp; handled=1; *data=nl(*data); } @@ -329,7 +336,14 @@ sdpplin_t *sdpplin_parse(char *data) { } if(filter(data,"a=StreamCount:integer;",&buf)) { - desc->stream_count=(unsigned int)atoi(buf); + /* This way negative values are mapped to unfeasibly high + * values, and will be discarded afterward + */ + unsigned long tmp = strtoul(buf, NULL, 10); + if ( tmp > UINT16_MAX ) + printf("stream count out of bound: %lu\n", tmp); + else + desc->stream_count = tmp; desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*)); if (!desc->stream) desc->stream_count = 0; handled=1; --- stream/realrtsp/sdpplin.h.orig 2006-10-22 18:32:25.000000000 -0400 +++ stream/realrtsp/sdpplin.h 2008-10-29 11:58:02.000000000 -0400 @@ -37,7 +37,7 @@ typedef struct { char *id; char *bandwidth; - int stream_id; + uint16_t stream_id; char *range; char *length; char *rtpmap; @@ -81,7 +81,7 @@ typedef struct { int flags; int is_real_data_type; - int stream_count; + uint16_t stream_count; char *title; char *author; char *copyright;