[MPlayer-dev-eng] [patch] backports/fixes from uoti demux_mkv.c for comp_algo==3

Reimar Döffinger Reimar.Doeffinger at gmx.de
Tue Aug 17 20:05:04 CEST 2010


On Sat, Aug 14, 2010 at 04:46:29PM +0400, Yuriy Kaminskiy wrote:
> Reimar Döffinger wrote:
> > On Sat, Aug 14, 2010 at 03:38:24AM +0400, Yuriy Kaminskiy wrote:
> >> PS By the way, I quickly looked at lavf matroska demuxer, EXACTLY SAME integer
> >> overflow problems present there...
> > 
> > I don't see that. I think there is one, but at least
> > 1) It is not so extremely obvious as the one in the first
> >    patch
> I'd say less noticeable bugs are worse :-)

Here for two reasons not:
1) Easily noticeable bugs mean the code was never
   properly reviewed and it's likely there's a lot more like them
2) They can be easily spotted by anyone who tries a targeted
   attack, and from a security standpoint they are thus indeed
   worse - to the degree that you consider "security by obscurity"
   better than none at all.

