path: root/main/gst-plugins-base/CVE-2019-9928.patch

diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c
index 76ae7d4..81239dc 100644
--- a/gst-libs/gst/rtsp/gstrtspconnection.c
+++ b/gst-libs/gst/rtsp/gstrtspconnection.c
@@ -2128,7 +2128,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message,
           maxlen = sizeof (conn->session_id) - 1;
           /* the sessionid can have attributes marked with ;
            * Make sure we strip them */
-          for (i = 0; session_id[i] != '\0'; i++) {
+          for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
             if (session_id[i] == ';') {
               maxlen = i;
               /* parse timeout */