[MPlayer-dev-eng] [RFC] check for correct calloc

Reimar Döffinger Reimar.Doeffinger at stud.uni-karlsruhe.de
Thu Sep 13 21:31:46 CEST 2007


Hello,
in light of this
http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt
and the corresponding libc bug
http://cert.uni-stuttgart.de/advisories/calloc.php
I'd propose the attached patch, which makes MPlayer refuse to run on an
affected libc unless an extra flag is given.
Unfortunately I don't have any broken libc so I can't really test.
Do you think that is desirable? Or do you think it's a stupid idea?

Greetings,
Reimar Döffinger
-------------- next part --------------
Index: mplayer.c
===================================================================
--- mplayer.c	(revision 24447)
+++ mplayer.c	(working copy)
@@ -2338,6 +2338,7 @@
 #endif
 
     mpctx->playtree = m_config_parse_mp_command_line(mconfig, argc, argv);
+    libc_check();
     if(mpctx->playtree == NULL)
       opt_exit = 1;
     else {
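Review bot: No hunk in this patch adds a prototype for `libc_check()`, so the call added after `m_config_parse_mp_command_line()` here, and the one in the mencoder.c hunk, would compile against an implicit declaration. The only declaration the patch adds is `extern int do_libc_check;` in cfg-common.h; unless a header outside this patch already declares the function, add `void libc_check(void);` to a header that both mplayer.c and mencoder.c include. The enclosing function starts and ends outside the hunk, so the surrounding includes are not visible here.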
Index: mencoder.c
===================================================================
--- mencoder.c	(revision 24447)
+++ mencoder.c	(working copy)
@@ -482,6 +482,7 @@
  m_config_register_options(mconfig,mencoder_opts);
  parse_cfgfiles(mconfig);
  filelist = m_config_parse_me_command_line(mconfig, argc, argv);
+ libc_check();
  if(!filelist) mencoder_exit(1, MSGTR_ErrorParsingCommandLine);
 
 {
Index: mpcommon.c
===================================================================
--- mpcommon.c	(revision 24447)
+++ mpcommon.c	(working copy)
@@ -10,8 +10,10 @@
 #ifdef HAVE_TV_TELETEXT
 #include "stream/tv.h"
 #endif
+#include "mp_msg.h"
 
 double sub_last_pts = -303;
+int do_libc_check = 1;
 
 #ifdef USE_ASS
 #include "libass/ass.h"
@@ -22,6 +24,16 @@
 sub_data* subdata = NULL;
 subtitle* vo_sub_last = NULL;
 
+void libc_check(void) {
+  if (!do_libc_check) return;
+  if (calloc(0x1000000010000001ULL, 0x10)) {
+    mp_msg(MSGT_GLOBAL, MSGL_FATAL,
+      "Your C library calloc function has an integer overflow vulnerability\n"
+      "This is a security risk and MPlayer will only start if you disable this check\n");
+    exit(1);
+  }
+}
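Review bot: With a 64-bit `size_t` the product of `0x1000000010000001ULL` and `0x10` wraps to roughly 4 GiB rather than to a small value, so a vulnerable calloc can still return NULL when that much memory is unavailable and the check then passes silently. Operands derived from the width of `size_t` make the wrapped size tiny on every platform, for example `if (calloc((size_t)-1 / 2 + 2, 2)) {`. The early `return` on `!do_libc_check` also skips the probe entirely, so once the check is disabled nothing reports that the libc is still affected; running the probe anyway and downgrading the message to a warning would keep that visible. The fatal text should also name the option, `-nolibc-check`, because it currently only says "disable this check".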
+
 void update_subtitles(sh_video_t *sh_video, demux_stream_t *d_dvdsub, int reset)
 {
     unsigned char *packet=NULL;
Index: cfg-common.h
===================================================================
--- cfg-common.h	(revision 24447)
+++ cfg-common.h	(working copy)
@@ -13,6 +13,8 @@
 #ifdef WIN32
 	{"priority", &proc_priority, CONF_TYPE_STRING, 0, 0, 0, NULL},
 #endif
+	{"libc-check", &do_libc_check, CONF_TYPE_FLAG, CONF_GLOBAL, 0, 1, NULL},
+	{"nolibc-check", &do_libc_check, CONF_TYPE_FLAG, CONF_GLOBAL, 1, 0, NULL},
 
 // ------------------------- stream options --------------------
 
@@ -337,6 +340,8 @@
 
 #include "config.h"
 
+extern int do_libc_check;
+
 extern char *mp_msg_charset;
 
 // codec/filter opts: (defined at libmpcodecs/vd.c)

