[MPlayer-dev-eng] [RFC] check for correct calloc
Reimar Döffinger
Reimar.Doeffinger at stud.uni-karlsruhe.de
Fri Sep 14 23:47:10 CEST 2007
Hello,
On Thu, Sep 13, 2007 at 10:22:43PM -0400, Rich Felker wrote:
> On Fri, Sep 14, 2007 at 12:58:02AM +0200, Balatoni Denes wrote:
> > > Either way, you misunderstood this, if the libc is working MPlayer might
> > > segfault, if it does not then it will be a heap overflow.
> > > And the point is to make people aware that they have a broken libc (and
> > > there are more than glibc and other equally well supported versions).
> >
> > I think what I said still stands. I mean, mplayer could even check the package
> > repository of the distribution if there are any security fixes, download
> > them, install them etc. - just kidding, but the point is it's not mplayer's
> > job. It's the job of the security concious user - or if he is not security
> > councious we don't need to bother either.
>
> I agree. It's not our job to hunt for bugs that were fixed by clueful
> implementors 10-15 years ago and by our less-clueful GNU and MS
> friends 5 years ago...
Well, thanks to it I found out that valgrind is affected (both 32 and 64
bit), so you might be overestimating the average "cluefulness"...
Greetings,
Reimar Döffinger
More information about the MPlayer-dev-eng
mailing list