[vlc-devel] CVE-2019-13602 Heap Based Buffer Overflow Vulnerability

Francois Cartegnie fcvlcdev at free.fr
Tue Jul 16 19:26:57 CEST 2019

On 16/07/2019 at 19:04, Rémi Denis-Courmont wrote:
> On Tuesday, 16 July 2019, 19.58.57 EEST, Francois Cartegnie wrote:
>> On 16/07/2019 at 18:37, Rémi Denis-Courmont wrote:
>>> Also smart asses will note that block_Alloc() always adds a margin of
>>> 32 bytes at the end of the block buffer. So, in general, the worst
>>> outcome of a read "overflow" of 4 bytes is leakage of memory content. And
>>> in this specific case, literally nothing will happen other than the code
>>> being ugly.
>> So you're not the one to disagree with using block_t here?
> Your obvious trolling has been reported.
> Also plonk.

You obviously know that block_t w/padding (for frames) will not stay there.

And you really want to see a troll here?

Using "Also smart asses" means the "other" isn't, because otherwise, if he
knew, he wouldn't have pointed out the issue.

I see disrespect (you would call it another way) to another dev.
If I were you I would have called COC.

Francois Cartegnie
VideoLAN - VLC Developer
