[vlc-devel] stream_out: rtp: fix invalid memory access (write)

Fabian Yamaguchi fabian.yamaguchi at cs.uni-goettingen.de
Sat Dec 6 22:27:55 CET 2014


I sent this information to security at videolan.org as suggested by
Jean-Baptiste Kempf. I then also sent the patches there. The fact that
the commits are now discussed on vlc-devel is not under my control.

I agree that the SIZE_MAX check is esoteric as a string that spans the
entire address space will not exist on the target systems. I just added
it to ensure that an integer overflow cannot occur in the allocation
regardless of what funny changes the platform introduces over time. Feel
free to discard the check, if it hurts your eyes, however, the point of
the patch is to ensure that memory is allocated on the heap and not the

Kind Regards,

On 12/06/2014 10:14 PM, Rémi Denis-Courmont wrote:
> 	Hello,
> Le samedi 06 décembre 2014, 22:09:07 Fabian Yamaguchi a écrit :
>> we supplied a test-case that triggers this bug in our original report.
> And how are people supposed to guess that? It was not sent to vlc-devel nor to 
> the original author of the code (Pierre Y., I guess).
>> I
>> have attached it to this e-mail once more, including instructions on how
>> to trigger the flaw and a stack trace.
> And I still fail to see how that relates to SIZE_MAX...

More information about the vlc-devel mailing list