[MPlayer-dev-eng] mplayer & DSA 1244-1
Roberto Togni
rxt at rtogni.it
Sat Dec 30 17:18:08 CET 2006
On Sat, 30 Dec 2006 12:16:03 +0100
A Mennucc <mennucc1 at debian.org> wrote:
> hi
>
> did anybody look at the patch?
>
> Ivan Kalvachev ha scritto:
> > Next time first read
> > http://www.mplayerhq.hu/DOCS/HTML/en/bugreports_security.html
>
> :->
>
> OK
>
> a.
>
About the patch:
The patch looks ok, even if i prefer the attached patch, because:
- it shows clearly that the maximum allowed number of matched rules is
a constant fixed at compilation time
- prints an error message instead of silently ignoring the extra matches
- minimizes the changes in the code, avoiding the introduction of an
extra parameter that will always have the same value
About the bug:
While the bug is clearly a buffer overflow, I think it will be quite
hard to exploit it, since you can't write arbitrary data into the
buffer (you can only write a sequence of increasing numbers, unless
you can feed so many rules to overflow rule_num; in that case you can
restart the count).
Based on what I said above, my plan for this bug is:
- commit the fix to svn
- release a patch against rc1 (with a newsentry on the homepage)
- do not make a rc1try2 rerelease, since rc2 is due soon.
If anybody disagree please replay asap, I plan to do this late tonight
or tomorrow (depending on when i'll be back tonight).
Ciao,
Roberto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: asmrpfix.diff
Type: text/x-patch
Size: 1333 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20061230/ba1153aa/attachment.bin>
More information about the MPlayer-dev-eng
mailing list