[MPlayer-cvslog] r26644 - trunk/libmpdemux/demux_asf.c

Michael Niedermayer michaelni at gmx.at
Fri May 2 18:48:43 CEST 2008


On Fri, May 02, 2008 at 08:46:28PM +0400, Evgeniy Stepanov wrote:
> On Friday 02 May 2008 19:48:36 Michael Niedermayer wrote:
> > On Fri, May 02, 2008 at 03:33:14PM +0200, eugeni wrote:
> > > Author: eugeni
> > > Date: Fri May  2 15:33:14 2008
> > > New Revision: 26644
> > >
> > > Log:
> > > Check ASF packet size before calling demux_asf_read_packet. Fixes
> > > segfault with damaged ASF files.
> 
> [...]
> 
> > How does adding assert() prevent a segfault?
> 
> Huh? By leaving the program immediately instead of segfaulting later.

What if asserts are disabled?
Besides, assert() is not the proper way to check for invalid files. It's like
a word processor checking for spelling errors with assert().


> 
> > And what kind of segfault is this? The writing data from the file outside
> > the buffer type or is it just reading? Not that I think that it would take
> > more than a minute to find a way to make the code write out of the
> > buffers.
> >
> > [...]
> 
> Damaged files produce random packet lengths, sometimes negative. This results 
> in writing outside of the demux_packet's buffer. With assert it is at least 
> not exploitable.

see above

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus
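
The point argued in this thread, shown as an added example that is not part of the original message and is not MPlayer's code: a length check done only with assert() vanishes when the program is built with -DNDEBUG, while an explicit check rejects the damaged packet in every build and lets the caller skip it. The struct, function names and sample sizes are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a demuxer packet buffer (not MPlayer's struct). */
typedef struct {
    unsigned char *data;
    size_t cap;                 /* bytes allocated in data */
} pkt_buf;

/* assert()-only variant: built with -DNDEBUG the check is compiled out, and a
 * negative or oversized len from the file reaches memcpy() unchecked. */
int store_fragment_assert(pkt_buf *p, int offs, const unsigned char *src, int len)
{
    assert(len >= 0 && offs >= 0 && (size_t)offs + (size_t)len <= p->cap);
    memcpy(p->data + offs, src, (size_t)len);
    return 0;
}

/* Checked variant: validates in every build and reports the bad packet to
 * the caller, which can skip it instead of aborting the whole program. */
int store_fragment_checked(pkt_buf *p, int offs, const unsigned char *src,
                           int len, size_t src_avail)
{
    if (len < 0 || offs < 0)
        return -1;              /* negative values from a damaged file */
    if ((size_t)len > src_avail)
        return -1;              /* would read past the input data */
    if ((size_t)offs > p->cap || (size_t)len > p->cap - (size_t)offs)
        return -1;              /* would write past the packet buffer */
    memcpy(p->data + offs, src, (size_t)len);
    return 0;
}

/* Runs the checked variant on a constructed 16-byte buffer and 8-byte payload. */
int try_fragment(int offs, int len)
{
    unsigned char storage[16] = {0};
    const unsigned char payload[8] = {'A','B','C','D','E','F','G','H'};
    pkt_buf p = { storage, sizeof storage };
    return store_fragment_checked(&p, offs, payload, len, sizeof payload);
}

int main(void)
{
    printf("%d %d %d\n", try_fragment(4, 8), try_fragment(4, -20), try_fragment(12, 8));
    return 0;
}
```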