[libdvdcss-devel] [PATCH] crash in dvdcss_open
Diego Biurrun
diego at biurrun.de
Sun Jul 29 16:08:22 CEST 2007
On Sun, Jul 29, 2007 at 11:15:54AM +0100, Steve Lhomme wrote:
>
> Diego Biurrun wrote:
>> We have received bug reports of libdvdcss-related crashes in MPlayer:
>> http://bugzilla.mplayerhq.hu/show_bug.cgi?id=845
>> http://bugzilla.mplayerhq.hu/show_bug.cgi?id=860
>> The problem appears to be a stack overrun in dvdcss_open. Ivan
>> Kalvachev committed a fix with the following log message to MPlayer:
>> Fix crash on some DVDs
>> sprintf(tmp,"%.02x",(char)0xef); would print "ffffffef" instead of "ef",
>> in this case this leads to local array buffer overflow and hard to trace
>> stack corruption.
>> The quick, easy & durty solution is to use (unsigned char) or (uint8_t)
>> Fixes Bugzilla 860 & 845
>> I'm attaching the patch for your consideration.
>
> Patched
>
> Was there another one ?
Yes, we have another patch in our copy of libdvdcss, but we are not yet
completely sure what to make of it...
Diego
_______________________________________________
libdvdcss-devel mailing list
libdvdcss-devel at videolan.org
http://mailman.videolan.org/listinfo/libdvdcss-devel
More information about the libdvdcss-devel
mailing list