[MPlayer-dev-eng] [patch] backports/fixes from uoti demux_mkv.c for comp_algo==3
Reimar Döffinger
Reimar.Doeffinger at gmx.de
Tue Aug 17 20:05:04 CEST 2010
On Sat, Aug 14, 2010 at 04:46:29PM +0400, Yuriy Kaminskiy wrote:
> Reimar Döffinger wrote:
> > On Sat, Aug 14, 2010 at 03:38:24AM +0400, Yuriy Kaminskiy wrote:
> >> PS By the way, I quickly looked at lavf matroska demuxer, EXACTLY SAME integer
> >> overflow problems present there...
> >
> > I don't see that. I think there is one, but at least
> > 1) It is not so extremely obvious as the one in the first
> > patch
> I'd say less noticeable bugs are worse :-)
Here for two reasons not:
1) Easily noticeable bugs means the code was never
properly review and it's likely there's a lot more like them
2) They can be easily spotted by anyone who tries a target
attack, and from a security standpoint they are thus indeed
worse - to the degree that you consider "security by obscurity"
better than none at all.
More information about the MPlayer-dev-eng
mailing list