[MPlayer-dev-eng] mplayer exploit
Reimar Döffinger
Reimar.Doeffinger at stud.uni-karlsruhe.de
Fri Mar 28 09:36:02 CET 2008
On Thu, Mar 27, 2008 at 10:45:32PM +0000, Arpi wrote:
> maybe interesting:
>
> http://www.milw0rm.com/exploits/5307
>
> xine already patched this few weeks ago.
> they should have been notice us ...
Oh well, since it is discussed already all over the place:
MPlayer does not have most of the problems, but there is one.
I made a patch but I had not even the time to think about it properly,
and nobody else had either. So I attach it here, maybe someone can look
at it/test it etc. If there are no comments I will just apply it
tomorrow.
Greetings,
Reimar Döffinger
-------------- next part --------------
Index: stream/realrtsp/sdpplin.c
===================================================================
--- stream/realrtsp/sdpplin.c (revision 26295)
+++ stream/realrtsp/sdpplin.c (working copy)
@@ -330,7 +330,8 @@
if(filter(data,"a=StreamCount:integer;",&buf)) {
desc->stream_count=(unsigned int)atoi(buf);
- desc->stream=malloc(sizeof(sdpplin_stream_t*)*desc->stream_count);
+ desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*));
+ if (!desc->stream) desc->stream_count = 0;
handled=1;
data=nl(data);
}
More information about the MPlayer-dev-eng
mailing list