[MPlayer-dev-eng] [PATCH] fix to codec memory mapper to prevent segfaults

Attila Kinali attila at kinali.ch
Sun Aug 1 02:47:36 CEST 2004


On Sun, Jul 04, 2004 at 12:07:35AM +0100, Martin Simmons wrote:
> Sorry for the length of this mail, but the patch is low level so I thought you
> might need some evidence.
> 
> After recently replacing all my installed codecs with those from
> mplayer-codecs-extralite-2.0-2.i386.rpm, the GUI MPlayer regularly segfaults
> when playing wmv8 files (debugging output below; the movie is
> http://www.chanimal.com/videomaker/Talent_Show_Promo_-_256kbs.wmv).
> 
> I've tracked this down to the mapping of the wmvdmod.dll codec (previously I
> had wmv8ds32.ax, so this didn't happen).  The problem is that the base address
> of wmvdmod.dll makes it obliterate the libc heap if this has grown too much
> before the codec is loaded.  This is more likely to happen in the GUI, but is
> a general problem and is possibly exploitable for remote code execution too.
> 
> The attached patch fixes the problem on Linux by making VirtualAlloc avoid
> already-allocated addresses, something like it does in Win32.  I say
> "something like" because for efficiency it only records the addresses the
> first time, rather than for each allocation request, but that is sufficient in
> this case.

What happened to this patch?


			Attila Kinali
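
An added sketch of the check described in the quoted report, not code from the MPlayer patch or from either poster: record the existing mappings once, then refuse a codec's preferred base when it overlaps one of them. Reading the ranges in /proc/<pid>/maps format is an assumption, and the function names, sample map and image base are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not from the report):
 * a 32-bit process whose [heap] has grown far above the executable. */
static const char SAMPLE_MAPS[] =
    "08048000-08150000 r-xp 00000000 03:01 1234 /usr/bin/player\n"
    "08150000-10200000 rw-p 00000000 00:00 0 [heap]\n"
    "40000000-40015000 r-xp 00000000 03:01 5678 /lib/ld.so\n"
    "bfffe000-c0000000 rw-p 00000000 00:00 0 [stack]\n";

struct range { unsigned long start, end; };  /* half-open [start, end) */

/* Record the mapped ranges once; returns how many were stored in out[]. */
static int record_mappings(const char *maps, struct range *out, int max) {
    int n = 0;
    while (maps && *maps && n < max) {
        unsigned long s, e;
        if (sscanf(maps, "%lx-%lx", &s, &e) == 2 && s < e) {
            out[n].start = s; out[n].end = e; n++;
        }
        maps = strchr(maps, '\n');
        if (maps) maps++;
    }
    return n;
}

/* 1 if [base, base+size) touches no recorded range, 0 otherwise. */
static int range_is_free(const struct range *r, int n, unsigned long base, unsigned long size) {
    if (size == 0 || base + size < base) return 0;  /* empty or wrapping */
    for (int i = 0; i < n; i++)
        if (base < r[i].end && r[i].start < base + size) return 0;
    return 1;
}

/* Keep the preferred base when it is free; otherwise return the first gap
 * between recorded ranges (ascending, as in maps) that fits, or 0. */
static unsigned long pick_base(const struct range *r, int n, unsigned long pref, unsigned long size) {
    if (range_is_free(r, n, pref, size)) return pref;
    for (int i = 0; i + 1 < n; i++)
        if (r[i].end >= pref && r[i + 1].start - r[i].end >= size) return r[i].end;
    return 0;
}

int main(void) {
    struct range r[16];
    int n = record_mappings(SAMPLE_MAPS, r, 16);
    /* Constructed image base and size, chosen to land inside the sample heap. */
    printf("load at %#lx\n", pick_base(r, n, 0x10000000UL, 0x100000UL));
    return 0;
}
```

Because the ranges are recorded only once, as the report says of the patch, mappings created afterwards are not seen by the check.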



