--- MPlayer-1.0pre5/libmpdemux/realrtsp/real.c 2004-04-25 02:17:23.000000000 +0200 +++ MPlayer-1.0pre5try2/libmpdemux/realrtsp/real.c 2004-12-15 21:35:34.000000000 +0100 @@ -683,6 +683,8 @@ return 1; } +//! maximum size of the rtsp description, must be < INT_MAX +#define MAX_DESC_BUF (20 * 1024 * 1024) rmff_header_t *real_setup_and_get_header(rtsp_t *rtsp_session, uint32_t bandwidth) { char *description=NULL; @@ -733,13 +735,21 @@ else size=atoi(rtsp_search_answers(rtsp_session,"Content-length")); + // as size is unsigned this also catches the case (size < 0) + if (size > MAX_DESC_BUF) { + printf("real: Content-length for description too big (> %uMB)!\n", + MAX_DESC_BUF/(1024*1024) ); + xbuffer_free(buf); + return NULL; + } + if (!rtsp_search_answers(rtsp_session,"ETag")) printf("real: got no ETag!\n"); else session_id=strdup(rtsp_search_answers(rtsp_session,"ETag")); #ifdef LOG - printf("real: Stream description size: %i\n", size); + printf("real: Stream description size: %u\n", size); #endif description=malloc(sizeof(char)*(size+1));
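Review bot: `MAX_DESC_BUF` expands to a signed `int` expression, yet the second hunk compares it with `size` (unsigned, according to that hunk's comment) and passes `MAX_DESC_BUF/(1024*1024)` to a `%u` conversion. Writing it as `#define MAX_DESC_BUF (20u * 1024 * 1024)` keeps both the comparison and the format argument unsigned instead of relying on implicit conversion. The "must be < INT_MAX" requirement is only stated in the comment; a short clause saying which later call depends on it would help the next maintainer. The body of `real_setup_and_get_header` continues outside this hunk.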
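Review bot: The new bound is applied to whatever `atoi()` returns for the server-supplied Content-length header, so the `if (size > MAX_DESC_BUF)` check sees an already lossy value. `atoi()` has undefined behaviour for values outside `int` range and silently yields 0 for non-numeric text. Parsing with `unsigned long len = strtoul(hdr, &end, 10);` and rejecting on `if (end == hdr || len > MAX_DESC_BUF)` (with `hdr` standing for the header string) would bound the header itself, since `strtoul` saturates to `ULONG_MAX` on overflow and the same comparison rejects that. With up to 20 MB now accepted, the `malloc` on the last line of the hunk can plausibly fail, and no NULL check is visible, though the lines after it are outside the hunk. The early `return NULL` releases only `buf`; the function starts outside the hunk, so it is worth confirming that nothing else allocated before this point needs freeing.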