I just saw this in res/res_format_attr_h264.c in Asterisk 11.1.2:
I suspect there might be a potential buffer overflow here with a long "sprop-parameter-sets" string, but I don't really know the involved protocols well enough to check this.. What do you think?
// Ulf Härnhammar
Confirmed. When using sscanf, we need to length limit the strings to the length of the buffers on the stack - 1.