Opened 12 years ago
Closed 12 years ago
#2066 closed defect (fixed)
[PATCH] mplayer buffer overflow pvr://
| Reported by: | compn | Owned by: | reimar |
|---|---|---|---|
| Priority: | normal | Component: | core |
| Version: | HEAD | Severity: | normal |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
<meskalito> um, i found a buffer overflow in latest mplayer
<meskalito> stream/stream_pvr.c:384
<meskalito> name is char[8] , and it tries to snprintf up to 256 bytes there
<meskalito> name is defined in stream/stream_pvr.c:93
Attachments (1)
Change History (2)
by , 12 years ago
| Attachment: | file_2066.txt added |
|---|
comment:1 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Thanks.
Fixed differently in r34895.
Increasing the size to 256 bytes seems too extreme to me.
Maybe it should be a bit larger, I have no real opinion on this but that would better be in a different patch IMHO.
I also suspect that the code should rather error out than just truncate, what command-line did you use that triggered this?
Also the snprintf would at most print 13 bytes (though not as sure about the av_strlcpy above it), which kind of limits the damage it could do.
Note:
See TracTickets
for help on using tickets.
patch