[MPlayer-dev-eng] ASX Regression
Alex Beregszaszi
alex at fsn.hu
Mon Oct 6 18:31:16 CEST 2003
Hi,
> Fix the playlist parsing code to make sure it immediately fails on
> non-text data and make sure it has no exploitable overflows and crap,
> so it doesn't make mplayer hang forever on unrecognized files and
> doesn't open up people who aren't using streaming stuff to
> vulnerabilities.
The playlist code SHOULD ALWAYS check for alphanumeric characters, it
shouldn't allow binary bytes in urls..
> Make fallback optional and disabled by default, and have mplayerplugin
> pass -fallback-to-playlist or whatever when calling mplayer.
An option like this should be added.
--
Alex Beregszaszi <alex at fsn.hu>
(MPlayer Core Developer -- http://www.mplayerhq.hu/)
More information about the MPlayer-dev-eng
mailing list