[vlc-devel] CVE-2019-13602 Heap Based Buffer Overflow Vulnerability

Francois Cartegnie fcvlcdev at free.fr
Tue Jul 16 18:58:57 CEST 2019


On 16/07/2019 at 18:37, Rémi Denis-Courmont wrote:

> Also smart asses will note that block_Alloc() always adds a margin of 32 bytes
> at the end of the block buffer. So, in general, the worst outcome of a read
> "overflow" of 4 bytes is leakage of memory content. And in this specific case, 
> literally nothing will happen other than the code being ugly.

So you're not the one to disagree with using block_t here?

-- 
Francois Cartegnie
VideoLAN - VLC Developer

