[MPlayer-cvslog] CVS: main/libmpdemux asf.h, 1.18, 1.19 asfheader.c, 1.47, 1.48 demux_asf.c, 1.45, 1.46

Rich Felker dalias at aerifal.cx
Sat Apr 1 05:32:36 CEST 2006


On Fri, Mar 31, 2006 at 09:26:11PM +0300, Ivan Kalvachev wrote:
> 2006/3/31, Attila Kinali <attila at kinali.ch>:
> > On Thu, 30 Mar 2006 11:14:26 +0200
> > Reimar Döffinger <Reimar.Doeffinger at stud.uni-karlsruhe.de> wrote:
> >
> > > buffer is still char * instead of uint8_t * though.
> > > Not to mention that I don't think these are the only bugs left in the
> > > asf demuxer (last time I tried playing an ASF stream generated by VLC it
> > > segfaulted left and right...)
> >
> > If this isnt a fix for the buffer overflow, what are we
> > going to do with the security advisory?
> 
> I fixed it already. Please check my commit. Also read my explanation
> for this particular bug and why it is not exploitable (at all) on the
> mplayer-users mailing list. Well, we were lucky with this one, but that's
> all.

Have you verified (via testing) that it's not exploitable, or just by
reading? Signed/unsigned semantics are very strange in C in some of
these cases... and might not do what you think!

Rich
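An added illustration of the signed/unsigned point Rich raises. This is example code written for this archive page, not MPlayer's code and not the ASF demuxer bug under discussion; the packet layout (one length byte followed by payload), SLOT_SIZE, the sample packets and the function names are all hypothetical. It shows why "reading the code" is not enough: the same bad length byte is accepted or rejected depending only on the types on each side of the comparison, and the case that is accepted is the one that hands a huge size to memcpy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical packet layout for illustration only (not ASF, not MPlayer):
 * byte 0 is a payload length, bytes 1.. are the payload. */
#define SLOT_SIZE 64

/* Constructed samples. 0xC8 is 200 as a byte but -56 as a signed char,
 * i.e. well above SLOT_SIZE; 0x05 is a benign length. */
static const unsigned char hostile_hdr[] = { 0xC8, 'p', 'a', 'y', 'l', 'o', 'a', 'd' };
static const unsigned char benign_hdr[]  = { 0x05, 'h', 'e', 'l', 'l', 'o' };

/* Variant 1: length read through a signed char (what a plain `char *`
 * buffer gives you on x86) and compared against an int constant.
 * 0xC8 becomes -56, "-56 > 64" is false, so the check accepts it, and
 * the size handed onward wraps to SIZE_MAX - 55. This is the overflow path. */
int check_int_vs_int(const unsigned char *hdr, size_t *copy_len)
{
    int len = *(const signed char *)hdr;
    if (len > SLOT_SIZE)
        return 0;                 /* rejected */
    *copy_len = (size_t)len;      /* negative int -> huge size_t */
    return 1;                     /* accepted */
}

/* Variant 2: same signed read, but compared against a size_t (what you get
 * from `len > sizeof buf`). The usual arithmetic conversions turn -56 into
 * a huge unsigned value *before* the comparison, so the same hostile
 * length is rejected, by accident rather than by design. */
int check_int_vs_sizeof(const unsigned char *hdr, size_t *copy_len)
{
    int len = *(const signed char *)hdr;
    if (len > (size_t)SLOT_SIZE)  /* len converted to size_t here */
        return 0;
    *copy_len = (size_t)len;
    return 1;
}

/* Variant 3: the fix. Read the byte as unsigned so it can only be 0..255,
 * and keep it unsigned all the way to the comparison. */
int check_unsigned(const unsigned char *hdr, size_t *copy_len)
{
    size_t len = hdr[0];          /* never negative */
    if (len > SLOT_SIZE)
        return 0;
    *copy_len = len;
    return 1;
}

/* Copy the payload into a fixed slot only after the unsigned check, and
 * only if the packet really carries that many payload bytes.
 * Returns the number of bytes copied, or -1 if the packet is rejected. */
int safe_copy(unsigned char *slot, const unsigned char *hdr, size_t hdr_len)
{
    size_t len;
    if (hdr_len < 1 || !check_unsigned(hdr, &len))
        return -1;
    if (len > hdr_len - 1)        /* truncated packet */
        return -1;
    memcpy(slot, hdr + 1, len);
    return (int)len;
}

int main(void)
{
    size_t n = 0;
    unsigned char slot[SLOT_SIZE];

    printf("int vs int      : %s (size would be %zu)\n",
           check_int_vs_int(hostile_hdr, &n) ? "ACCEPTED" : "rejected", n);
    printf("int vs size_t   : %s\n",
           check_int_vs_sizeof(hostile_hdr, &n) ? "ACCEPTED" : "rejected");
    printf("unsigned        : %s\n",
           check_unsigned(hostile_hdr, &n) ? "ACCEPTED" : "rejected");
    printf("safe_copy benign: %d bytes\n",
           safe_copy(slot, benign_hdr, sizeof benign_hdr));
    return 0;
}
```

Variants 1 and 2 differ only in the type of the right-hand side of the comparison, which is exactly the kind of detail that is easy to misjudge by reading alone; running the hostile sample through the actual check settles it.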