[MPlayer-cvslog] CVS: main/libmpdemux asf.h, 1.18, 1.19 asfheader.c, 1.47, 1.48 demux_asf.c, 1.45, 1.46

Ivan Kalvachev ikalvachev at gmail.com
Thu Mar 30 10:12:55 CEST 2006

2006/3/30, Attila Kinali <attila at kinali.ch>:
> On Thu, 30 Mar 2006 01:25:11 +0200 (CEST)
> syncmail at mplayerhq.hu (Alban Bedel CVS) wrote:
> > Move global vars used for header parsing, etc to dewux->priv as it should
> > be. Also cleanup a bit signedness.
> Does this fix the exploit stuff?
> If so, could you write an advisory, a patch and put everything online?

For sure it does not fix the bug. As the buffer is still signed char,
loading the argument will first extend the sign.
It is even possible that change to unsigned to have actually open the
posibility of exploitation.

More information about the MPlayer-cvslog mailing list