[vlc-devel] CVE-2019-13602 Heap Based Buffer Overflow Vulnerability

Rémi Denis-Courmont remi at remlab.net
Tue Jul 16 19:04:14 CEST 2019


Le tiistaina 16. heinäkuuta 2019, 19.58.57 EEST Francois Cartegnie a écrit :
> Le 16/07/2019 à 18:37, Rémi Denis-Courmont a écrit :
> > Also smart asses will note that block_Alloc() always adds a margin of
> > 32-bytes at the end of the block buffer. So, in general, the worse
> > outcome of a read "overflow" of 4 bytes is leakage of memory content. And
> > in this specific case, literally nothing will happen other than the code
> > being ugly.
> 
> So you're not the one to disagree to use block_t here ?

Your obvious trolling has been reported.

Also plonk.

-- 
Реми Дёни-Курмон
http://www.remlab.net/





More information about the vlc-devel mailing list