[MPlayer-dev-eng] hundreds of buffer overflows in Gui/mplayer/common.c

D Richard Felker III dalias at aerifal.cx
Wed Jun 2 03:45:14 CEST 2004


ok maybe not hundreds but it's pretty damn close. some guy came in
#mplayerdev and told us about one, and i since discovered lots more.
in particular the "Translate" function (which does format string
expansion) is totally brain damaged. i would recommend not using the
gui. this code is so nasty and broken that i'm not going to spend my
time fixing it, so if you want the gui to work and don't want to be
embarassed by remote vulns in mplayer, step up and fix it. my other
idea was to cvs remove -r Gui but no one seems to like that... :(

rich




More information about the MPlayer-dev-eng mailing list