[MPlayer-cvslog] CVS: main/libmpdemux asf.h, 1.18, 1.19 asfheader.c, 1.47, 1.48 demux_asf.c, 1.45, 1.46

Ivan Kalvachev ikalvachev at gmail.com
Fri Mar 31 20:26:11 CEST 2006

2006/3/31, Attila Kinali <attila at kinali.ch>:
> On Thu, 30 Mar 2006 11:14:26 +0200
> Reimar Döffinger <Reimar.Doeffinger at stud.uni-karlsruhe.de> wrote:
> > buffer is still char * instead of uint8_t * though.
> > Not to mention that I don't think these are the only bugs left in the
> > asf demuxer (last time I tried playing an ASF stream generated by VLC it
> > segfaulted left and right...)
> If this isnt a fix for the buffer overflow, what are we
> going to do with the security advisory?

I fixed it already. please check my commit. also read my explanetion
for this particular bug and why it is not exploitable (at all) in the
mplayer-users maillist. Well we were lucky with this one, but that's

and please kick diego to make mplayer-security

More information about the MPlayer-cvslog mailing list