[MPlayer-dev-eng] [RFC] check for correct calloc

Balatoni Denes dbalatoni at interware.hu
Fri Sep 14 00:58:02 CEST 2007


Hi!

On Friday 14 September 2007 at 00:21, Reimar Döffinger wrote:
> > I am against this because if somebody is so security conscious, he/she
> > should upgrade his/her libc, instead of us working around the bugs in
> > other packages (and if somebody is not so security conscious, then why
> > would he care if there is one more way to make mplayer segfault).
>
> Hmm.. did we discuss this before already or is my mind playing tricks on
> me?

No.

> Either way, you misunderstood this, if the libc is working MPlayer might
> segfault, if it does not then it will be a heap overflow.
> And the point is to make people aware that they have a broken libc (and
> there are more than glibc and other equally well supported versions).

I think what I said still stands. I mean, mplayer could even check the package
repository of the distribution if there are any security fixes, download
them, install them etc. - just kidding, but the point is it's not mplayer's
job. It's the job of the security conscious user - or if he is not security
conscious we don't need to bother either.

> Greetings,
> Reimar Döffinger

bye
Denes
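
The behaviour under discussion, as an added example that is not part of this message or of MPlayer's code: a probe that tells whether the libc `calloc` refuses a request whose `nmemb * size` wraps around (the "might segfault" case on a NULL result) or returns an undersized buffer (the heap overflow case), next to a wrapper that performs the check itself. The names `mul_overflows`, `checked_calloc` and `libc_calloc_rejects_overflow` are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 if nmemb * size cannot be represented in size_t. */
int mul_overflows(size_t nmemb, size_t size)
{
    return size != 0 && nmemb > SIZE_MAX / size;
}

/* Wrapper that does not rely on libc doing the check (hypothetical name). */
void *checked_calloc(size_t nmemb, size_t size)
{
    if (mul_overflows(nmemb, size))
        return NULL;
    return calloc(nmemb, size);
}

/* Probe: 1 if libc's calloc refuses a request whose byte count wraps
 * around, 0 if it hands back a buffer smaller than the caller expects. */
int libc_calloc_rejects_overflow(void)
{
    /* Calling through a volatile pointer keeps the compiler from
     * folding the allocation and the NULL test away. */
    void *(*volatile alloc)(size_t, size_t) = calloc;
    size_t nmemb = SIZE_MAX / 2 + 1;   /* nmemb * 2 wraps to 0 */
    void *p = alloc(nmemb, 2);

    if (p == NULL)
        return 1;
    free(p);
    return 0;
}

int main(void)
{
    if (!libc_calloc_rejects_overflow()) {
        fprintf(stderr, "calloc does not check nmemb * size for overflow\n");
        return 1;
    }
    puts("calloc rejects overflowing requests");
    return 0;
}
```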


