[MPlayer-DOCS] CVS: homepage/src news.src.en,1.234,1.235
Attila Kinali CVS
syncmail at mplayerhq.hu
Fri Aug 26 21:46:46 CEST 2005
CVS change done by Attila Kinali CVS
Update of /cvsroot/mplayer/homepage/src
In directory mail:/var2/tmp/cvs-serv21933
Modified Files:
news.src.en
Log Message:
post a small interim news entry about the buffer overflow
Index: news.src.en
===================================================================
RCS file: /cvsroot/mplayer/homepage/src/news.src.en,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -r1.234 -r1.235
--- news.src.en 21 Aug 2005 09:31:01 -0000 1.234
+++ news.src.en 26 Aug 2005 19:46:43 -0000 1.235
@@ -6,6 +6,23 @@
<h1>News</h1>
<div class="newsentry">
+<h2>
+ <a name="server_thanks">2005.08.26, Friday :: Heap buffer overflow in ad_pcm.c</a>
+ <br><span class="poster">posted by Attila</span>
+</h2>
+There is a bug which, depending on configuration, can lead to a heap buffer overflow.
+If and under which circumstances this is exploitable is unclear to us as of now.
+We have found a file that is supposed exploit it but could not make it work.
+Still we do not want to put you at risk by waiting longer to publish this.
+<a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpcodecs/ad_pcm.c.diff?r1=1.18&r2=1.19">Here</a>
+is a patch that fixes the problem.
+Adding "ac=-pcm," (notice the trailing ',') to the config file is a quick fix that should keep you
+safe as long as you don't use the -ac option on the commandline. Though you will not be able to play uncompressed
+audio then.
+</div>
+
+
+<div class="newsentry">
<h2>
<a name="server_thanks">2005.08.17, Wednesday :: thanks</a>
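Review bot: The anchor in the added <h2> reuses name="server_thanks", the same name the 2005.08.17 entry carries in the trailing context, so a fragment link to this advisory cannot target it unambiguously; give the new entry its own anchor name. In the added body text, "supposed exploit it" is missing "to", and the "&" in the cvsweb href query string (?r1=1.18&r2=1.19) should be written as "&amp;" in HTML. The entry also does not say which releases or builds are affected, and "depending on configuration" is left unexplained, so readers cannot tell whether they need the patch or the "ac=-pcm," workaround; a sentence naming the affected versions or the relevant configuration would close that gap.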