[vlc-devel] Re: vlc: svn commit r17764 (md)

Marian Durkovic md at bts.sk
Wed Nov 15 09:20:43 CET 2006

On Tue, Nov 14, 2006 at 10:00:42PM +0200, R?mi Denis-Courmont wrote:
> Le mardi 14 novembre 2006 21:25, Subversion daemon a ?crit :
> > r17764 | md | 2006-11-14 20:25:56 +0100 (Tue, 14 Nov 2006) | 2 lines
> > Changed paths:
> >    M /branches/0.8.6/modules/services_discovery/sap.c
> >
> > Fix crash with compressed SAP announcements. (closes #765)
> >
> >  > http://trac.videolan.org/vlc/changeset/17764
> What the heck? your "fix" to the *STABLE* branch re-introduced a buffer 
> overflow that was fixed a long time ago there. Can't you try to 
> understand why the code changed from 0.8.4 before you switch back to 
> it?

Well, this "buffer overflow" would *in pure theory* kick in when someone
would intentionally send a malicious message with exact knowledge of the
details for the exploit. It never happened - but the fix for this
theoretical buffer overflow always crashed VLC within 5 seconds with
NORMAL (legitimate) SAP traffic.
My personal preference is to have in stable branch code that works
fine for a year, which obviously does not prevent anyone to implement
something better. But reverting it back to non-workable state is NOT the
way to go. 

> Besides, you were already advised to test in trunk.

Which is not possible since the trunk is changing rapidly, sometimes
does not compile, and SAP on Win32 in trunk was completely unworkable
due to another bug.
Bugfixes for coming release need to be developed against something that's
enough stable for the purpose. Trunk definitely isn't at the moment.

    With kind regards,


This is the vlc-devel mailing-list, see http://www.videolan.org/vlc/
To unsubscribe, please read http://developers.videolan.org/lists.html

More information about the vlc-devel mailing list