[vlc-devel] stream_out: rtp: fix invalid memory access (write)
Rémi Denis-Courmont
remi at remlab.net
Sun Dec 7 17:25:18 CET 2014
Hi,
On Saturday 06 December 2014, 22:27:55 Fabian Yamaguchi wrote:
> I sent this information to security at videolan.org as suggested by
> Jean-Baptiste Kempf. I then also sent the patches there. The fact that
> the commits are now discussed on vlc-devel is not under my control.
Look, I do not really care if it's the fault of the author, the committer or
whomever. The problem is that those patches were proposed and merged with
obviously neither proper self-review nor proper third-party review.
And if you claim that something has a vulnerability, you had better be ready
to prove it.
> I agree that the SIZE_MAX check is esoteric as a string that spans the
> entire address space will not exist on the target systems. I just added
> it to ensure that an integer overflow cannot occur in the allocation
> regardless of what funny changes the platform introduces over time. Feel
> free to discard the check, if it hurts your eyes, however, the point of
> the patch is to ensure that memory is allocated on the heap and not the
> stack.
No, it is not *only* about SIZE_MAX.
I still fail to see how there can be a stack overflow in SAP and in FTP.
I also strongly suspect the stream_Size() patch will raise an issue in
Coverity because the fix is somewhat wrong.
--
Rémi Denis-Courmont
http://www.remlab.net/