[vlc-devel] subtitle processing overflows
Michal Luczaj
regenrecht at o2.pl
Tue Jun 26 16:21:11 CEST 2007
Hello,
About a week ago I sent this to fenrir at via, but it seems that I was
ignored or got into the spam box or whatever else. Anyway, this is my second
try. (yes, tested with 0.8.6c)
Please note, I'm not a vlc-devel subscriber.
-------- Original Message --------
Hello there,
I was trying to report this the proper way (via trac), but after joining
the IRC channel no one was willing to validate my account, so: here I am.
Sorry for bothering. I'll try to make it fast.
I've checked on http://www.videolan.org/team/ who is responsible for
subtitles and that's why I am writing to you.
The thing is that if you take a look at modules/demux/subtitle.c, you
can see that sscanf() is used in a few places in a rather insecure way,
without any bounds checking, for example here:
if( sscanf( s, "{%d}{}%[^\r\n]", &i_start, buffer_text ) == 2 || ...
This makes a stack-based buffer overflow possible. So I thought that maybe
you would like to know about it.
Once again, sorry for bothering and I hope this wasn't an already well-known
issue.
cheers,
michal
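
An added example, not part of the original message and not VLC's code: the quoted sscanf() pattern next to a width-bounded form that also rejects text that does not fit. TEXT_MAX, parse_line_bounded() and oversized_line_is_contained() are hypothetical names, and the buffer capacity is an assumption, not the size used in subtitle.c.

```c
#include <stdio.h>
#include <string.h>

#define TEXT_MAX 255                 /* assumed capacity, not taken from subtitle.c */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Unbounded form quoted in the message; %[ copies until CR/LF however long the line is:
 *     sscanf(s, "{%d}{}%[^\r\n]", &i_start, buffer_text)
 */

/* Bounded form. text must hold TEXT_MAX + 1 bytes.
 * Returns 0 on success, -1 if the line does not match, -2 if the text did not fit. */
int parse_line_bounded(const char *s, int *start, char text[TEXT_MAX + 1])
{
    int consumed = 0;

    /* The width caps what %[ may store; %n records where scanning stopped. */
    if (sscanf(s, "{%d}{}%" STR(TEXT_MAX) "[^\r\n]%n", start, text, &consumed) != 2)
        return -1;
    /* If scanning stopped before the end of the line, the width cut the text short. */
    char next = s[consumed];
    if (next != '\0' && next != '\r' && next != '\n')
        return -2;
    return 0;
}

/* Constructed input: a subtitle line carrying 1000 bytes of text.
 * Returns 1 if the line was rejected and the guard bytes after the buffer are untouched. */
int oversized_line_is_contained(void)
{
    struct { char text[TEXT_MAX + 1]; char guard[8]; } frame;
    char line[1100] = "{42}{}";      /* remaining bytes are zero, so the line stays terminated */
    int start = 0;

    memset(frame.guard, 0x5a, sizeof frame.guard);
    memset(line + 6, 'A', 1000);
    int rc = parse_line_bounded(line, &start, frame.text);
    for (size_t i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0x5a) return 0;
    return rc == -2 && strlen(frame.text) == TEXT_MAX;
}

int main(void)
{
    printf("oversized line contained: %d\n", oversized_line_is_contained());
    return 0;
}
```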