[vlc-devel] [vlc-commits] access: ftp: fix potential invalid write.
fabian.yamaguchi at cs.uni-goettingen.de
Sat Dec 6 23:00:48 CET 2014
reviewing all of the comments you made on vlc-devel, I think the
misunderstanding in these commits was that they are about replacing the
allocation on the stack with one on the heap, not about the SIZE_MAX
checks, which are esoteric. Feel free to remove them. But leaving them
in certainly does no harm.
On 12/06/2014 06:06 PM, Rémi Denis-Courmont wrote:
> Le vendredi 05 décembre 2014, 23:23:04 Fabian Yamaguchi a écrit :
>> A buffer based on the length of the string to be sent via ftp
>> was allocated on the stack and hence, it could not be verified whether the
>> allocation succeeded.
> Please explain how a string of 11 bytes or less can fail to be allocated on
> the stack, or how it will be larger than that.
>> Allocate the buffer on the heap instead to avoid
>> a potential invalid write in a subsequent memcpy.
> Please explain where the invalid write is.
More information about the vlc-devel