[MPlayer-dev-eng] [PATCH 0/4] String handling audit/cleanup

Nicholas Kain njkain at gmail.com
Fri Mar 2 21:14:21 CET 2007


I did a partial audit of the string handling in mplayer a few years
ago, but since things have changed greatly since that time, I decided
to once again comb through the tree and try to clean up possibly
problematic code.

These are all fixes; I've not spent the effort to prove whether a
certain fix is going to close a hole, or indeed whether any bug exists
-- I'm just trying to close possible crashes and make the code easier
to audit and maintain.  There are some off-by-one errors and possible
overruns that this code corrects.  I don't think any of them are
useful for exploitation, but I don't attempt to prove whether anything
is exploitable or not; I just care about correctness.

I've taken efforts to maintain indentation and avoid cosmetic changes.
No trailing whitespace should appear, but let me know if something is
broken.  I have (sparingly -- I think 3 places in total) added
comments where an often-questionable function is used in a safe
manner.

The patches for the mplayer core are reasonably tested -- it works for
me, and I examined the diffs once or twice for correctness after
generating them.  The streaming code has only been reviewed for
correctness -- I don't have any streaming servers I regularly use, so
testing is harder.  I'd appreciate if someone could confirm that
everything is in working order.

One segment in http.c and the real streaming protocol are the nastiest
parts.  I have not completely finished with the real streaming parts;
the xine data structure glue layer is probably correct, but is
extremely ugly and opaque.  I plan on cleaning that up later, after
these patches are sorted out.

I have not spent any effort auditing the code outside of . and
stream/.  Those parts will come later.

Since there are many small patches, I'll be using attachments
containing all the patches for a given directory.  This will save the
ML from being spammed by 37 emails all at once.
