[MPlayer-dev-eng] [RFC] check for correct calloc
Balatoni Denes
dbalatoni at interware.hu
Fri Sep 14 00:28:24 CEST 2007
Hi!
On Thursday 13 September 2007 at 21:31, Reimar Döffinger wrote:
> Hello,
> in light of this
> http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt
> and the corresponding libc bug
> http://cert.uni-stuttgart.de/advisories/calloc.php
> I'd propose attached patch that makes MPlayer refuse to run without an
> extra flag.
> Unfortunately I don't have any broken libc so I can't really test.
> Do you think that is desirable? Or do you think it's a stupid idea?
I am against this because if somebody is so security conscious, he/she should
upgrade his/her libc, instead of us working around the bugs in other packages
(and if somebody is not so security conscious, then why would he care if
there is one more way to make mplayer segfault).
> Greetings,
> Reimar Döffinger
bye
Denes
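
For reference, a startup probe of the kind discussed in this thread could look like the following. This is an added example, not the patch attached to the quoted mail (which is not shown on this page) and not MPlayer code; the names `calloc_checks_overflow` and `checked_calloc` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Call through a volatile pointer so the compiler cannot fold the
 * allocation away and simply assume that it succeeded. */
static void *(*volatile calloc_fn)(size_t, size_t) = calloc;

/* Returns 1 if libc's calloc rejects an nmemb*size product that wraps
 * around size_t, 0 if it hands back a (far too small) buffer. */
int calloc_checks_overflow(void)
{
    /* (SIZE_MAX/2 + 1) * 2 wraps to exactly 0 in size_t arithmetic. */
    size_t nmemb = SIZE_MAX / 2 + 1;
    void *p = calloc_fn(nmemb, 2);

    if (p == NULL)
        return 1;
    free(p);
    return 0;
}

/* Hypothetical wrapper: performs the multiplication check itself, so
 * callers do not depend on the libc doing it. */
void *checked_calloc(size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return NULL;
    return calloc_fn(nmemb, size);
}

int main(void)
{
    if (!calloc_checks_overflow()) {
        fprintf(stderr, "libc calloc does not check for overflow\n");
        return 1;
    }
    puts("libc calloc rejects overflowing requests");
    return 0;
}
```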