[vlc-devel] CVE-2019-13602 Heap Based Buffer Overflow Vulnerability
Francois Cartegnie
fcvlcdev at free.fr
Tue Jul 16 19:26:57 CEST 2019
On 16/07/2019 at 19:04, Rémi Denis-Courmont wrote:
> On Tuesday 16 July 2019, 19:58:57 EEST, Francois Cartegnie wrote:
>> On 16/07/2019 at 18:37, Rémi Denis-Courmont wrote:
>>> Also smart asses will note that block_Alloc() always adds a margin of
>>> 32 bytes at the end of the block buffer. So, in general, the worst
>>> outcome of a read "overflow" of 4 bytes is leakage of memory content. And
>>> in this specific case, literally nothing will happen other than the code
>>> being ugly.
>>
>> So you're not the one to disagree to use block_t here?
>
> Your obvious trolling has been reported.
>
> Also plonk.
>
You obviously know that block_t w/padding (for frames) will not stay there.
And really want to see a troll here?
Using "Also smart asses" means the "other" isn't, because otherwise if he
knew he wouldn't have pointed out the issue.
I see disrespect (you would call it another way) to another dev.
If I were you I would have called COC.
--
Francois Cartegnie
VideoLAN - VLC Developer