[vlc-devel] [PATCH] M3u & pls demux: Check the size of each file line to prevent flooding the playlist.
Adrien Maglo
magsoft at videolan.org
Wed Apr 24 13:09:44 CEST 2013
Hello,
The exploit attached to the ticket #7361 shows that it is possible to
freeze VLC with a corrupted playlist file containing very long lines.
VLC indeed outputs to the logs a message giving the name of the media,
which is extremely long. This is not a security issue but as logging is
a costly operation, outputting this message takes a lot of time and
freezes VLC.
The attached patch proposes to set a maximum line length for the M3U and
PLS playlist format. It therefore prevent the playlist from being
flooded using these demux.
--
MagSoft
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-M3u-pls-demux-Check-the-size-of-each-file-line-to-pr.patch
Type: text/x-patch
Size: 2384 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20130424/7e4e23ca/attachment.bin>
More information about the vlc-devel
mailing list