[libdvdcss-devel] [PATCH] crash in dvdcss_open

Diego Biurrun diego at biurrun.de
Fri Jul 13 18:43:42 CEST 2007


We have received bug reports of libdvdcss-related crashes in MPlayer:

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=845
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=860

The problem appears to be a stack overrun in dvdcss_open.  Ivan
Kalvachev committed a fix with the following log message to MPlayer:

Fix crash on some DVDs
sprintf(tmp,"%.02x",(char)0xef); would print "ffffffef" instead of "ef",
in this case this leads to local array buffer overflow and hard to trace stack corruption.
The quick, easy & dirty solution is to use (unsigned char) or (uint8_t)
Fixes Bugzilla 860 & 845

I'm attaching the patch for your consideration.

Diego
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crash.diff
Type: text/x-diff
Size: 1113 bytes
Desc: not available
Url : http://mailman.videolan.org/pipermail/libdvdcss-devel/attachments/20070713/71385ce0/attachment.diff 
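
The sign extension described in the commit message above, as an added example that is not part of the original post or the attached patch: it measures how many characters `%.02x` emits for a byte held in a signed char versus the same byte cast to unsigned char, then formats with the cast and a bounded write. Function names and sample bytes are hypothetical, and the 8-character result assumes a 32-bit int.

```c
#include <stdio.h>
#include <string.h>

/* Characters sprintf("%.02x") would emit for one byte held in a signed
 * char (models platforms where plain char is signed, such as x86).
 * snprintf(NULL, 0, ...) only measures; nothing is written. */
static int hex_len_signed(signed char b)
{
    /* b is promoted to int: 0xef becomes -17 and prints as "ffffffef" */
    return snprintf(NULL, 0, "%.02x", b);
}

/* Same measurement with the cast the commit message proposes. */
static int hex_len_unsigned(signed char b)
{
    return snprintf(NULL, 0, "%.02x", (unsigned char)b);
}

/* Hardened formatter: unsigned cast plus a size check and bounded writes.
 * Returns 0 on success, -1 if out cannot hold 2*n digits and the NUL. */
static int bytes_to_hex(const char *in, size_t n, char *out, size_t outlen)
{
    size_t i;

    if (outlen < 2 * n + 1)
        return -1;
    for (i = 0; i < n; i++)
        snprintf(out + 2 * i, outlen - 2 * i, "%.02x",
                 (unsigned char)in[i]);
    return 0;
}

int main(void)
{
    /* Constructed sample bytes; two of them have the high bit set. */
    const char id[] = { 0x12, (char)0xef, 0x7f, (char)0x80 };
    char hex[2 * sizeof(id) + 1];

    printf("signed 0xef   -> %d chars\n", hex_len_signed((signed char)0xef));
    printf("unsigned 0xef -> %d chars\n", hex_len_unsigned((signed char)0xef));
    if (bytes_to_hex(id, sizeof(id), hex, sizeof(hex)) == 0)
        printf("hex: %s\n", hex);
    return 0;
}
```

A buffer sized at two characters per byte is overrun by six characters for every byte at or above 0x80 when the cast is missing, which is why only some discs triggered the crash.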