Opened 8 years ago

Closed 8 years ago

#2066 closed defect (fixed)

[PATCH] mplayer buffer overflow pvr://

Reported by: compn
Owned by: reimar
Priority: normal
Component: core
Version: HEAD
Severity: normal
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer:
Analyzed by developer:

Description

<meskalito> um, i found a buffer overflow in latest mplayer
<meskalito> stream/stream_pvr.c:384
<meskalito> name is char[8] , and it tries to snprintf up to 256 bytes there
<meskalito> name is defined in stream/stream_pvr.c:93

Attachments (1)

file_2066.txt (745 bytes) - added by compn 8 years ago.
patch


Change History (2)

Changed 8 years ago by compn

patch

comment:1 Changed 8 years ago by reimar

  • Resolution set to fixed
  • Status changed from new to closed

Thanks.
Fixed differently in r34895.
Increasing the size to 256 bytes seems too extreme to me.
Maybe it should be a bit larger, I have no real opinion on this but that would better be in a different patch IMHO.
I also suspect that the code should rather error out than just truncate, what command-line did you use that triggered this?
Also the snprintf would at most print 13 bytes (though not as sure about the av_strlcpy above it), which kind of limits the damage it could do.
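
Added example, not part of the ticket, the attached patch, or MPlayer's code: a sketch of the two points raised above, bounding snprintf by the destination's own size and erroring out on truncation instead of silently keeping a cut-off string. The struct, the function name, the guard field and the sample inputs are hypothetical; only the 8-byte name size comes from the report.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8            /* same size the ticket reports for name */

/* Hypothetical record: guard stands in for whatever follows name in memory. */
struct station {
    char name[NAME_LEN];
    unsigned guard;
};

/* Format "<prefix><channel>" into s->name.
 * Returns 0 on success, -1 if the result would not fit (nothing is kept). */
int station_set_name(struct station *s, const char *prefix, int channel)
{
    /* The bug class in the report is a size argument larger than the
     * destination (up to 256 bytes into a char[8]). The bound passed to
     * snprintf must be the destination's own size. */
    int n = snprintf(s->name, sizeof(s->name), "%s%d", prefix, channel);

    /* snprintf returns the length it wanted to write, excluding the NUL;
     * n >= size means the output was truncated. */
    if (n < 0 || (size_t)n >= sizeof(s->name)) {
        s->name[0] = '\0';    /* error out instead of keeping a cut-off name */
        return -1;
    }
    return 0;
}

int main(void)
{
    struct station s = { "", 0xC0FFEEu };

    int ok = station_set_name(&s, "CH", 12);          /* constructed input, fits */
    printf("%d '%s'\n", ok, s.name);

    int bad = station_set_name(&s, "STATION", 1234);  /* constructed, 11 chars */
    printf("%d '%s' guard=%x\n", bad, s.name, s.guard);
    return 0;
}
```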
