[MPlayer-dev-eng] [PATCH] fix to codec memory mapper to prevent segfaults

Reimar Döffinger Reimar.Doeffinger at stud.uni-karlsruhe.de
Sat Jul 24 14:25:07 CEST 2004


Hi,

> Sorry for the length of this mail, but the patch is low level so I thought you
> might need some evidence.
> 
> After recently replacing all my installed codecs with those from
> mplayer-codecs-extralite-2.0-2.i386.rpm, the GUI MPlayer regularly segfaults
> when playing wmv8 files (debugging output below; the movie is
> http://www.chanimal.com/videomaker/Talent_Show_Promo_-_256kbs.wmv).
> 
> I've tracked this down to the mapping of the wmvdmod.dll codec (previously I
> had wmv8ds32.ax, so this didn't happen).  The problem is that the base address
> of wmvdmod.dll makes it obliterate the libc heap if this has grown too much
> before the codec is loaded.  This is more likely to happen in the GUI, but is
> a general problem and is possibly exploitable for remote code execution too.
> 
> The attached patch fixes the problem on Linux by making VirtualAlloc avoid
> already-allocated addresses, something like it does in Win32.  I say
> "something like" because for efficiency it only records the addresses the
> first time, rather than for each allocation request, but that is sufficient in
> this case.

Might fix bugzilla bug Nr. 12. Attached it there and asked the reporter to 
test it.

Greetings,
Reimar Döffinger
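The collision described in the quoted report, a VirtualAlloc emulation placing the codec at its preferred base on top of memory the process already uses, and the fix strategy of checking recorded ranges before honouring a requested base, as an added example in C. It is not the attached patch or MPlayer's loader code; `reserve_region`, `virtual_alloc_safe`, the region table and the heap buffer standing in for the libc heap are all constructed for this illustration.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
/* Ranges known to be in use (heap, earlier mappings). The real loader would
   record them once from its own mappings; here the caller does. Constructed. */
#define MAX_REGIONS 64
static struct { uintptr_t start, end; } regions[MAX_REGIONS];
static int nregions;
int reserve_region(uintptr_t start, size_t len) {
    if (nregions >= MAX_REGIONS || len == 0) return 0;
    regions[nregions].start = start;
    regions[nregions].end = start + len;
    return ++nregions;
}
/* 1 if [start, start+len) intersects any recorded region. */
int region_overlaps(uintptr_t start, size_t len) {
    uintptr_t end = start + len;
    for (int i = 0; i < nregions; i++)
        if (start < regions[i].end && regions[i].start < end) return 1;
    return 0;
}

/* VirtualAlloc-style reservation. A MAP_FIXED mapping at the requested base
   would silently replace whatever lives there; honour the base only if free. */
void *virtual_alloc_safe(void *wanted, size_t len) {
    void *hint = (wanted && !region_overlaps((uintptr_t)wanted, len)) ? wanted : NULL;
    void *p = mmap(hint, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    reserve_region((uintptr_t)p, len);
    return p;
}

/* Request a mapping exactly where a live heap buffer sits; 1 if it survives. */
int heap_survives_codec_mapping(void) {
    size_t len = 1 << 20;
    unsigned char *buf = malloc(len);
    if (!buf) return 0;
    memset(buf, 0xA5, len);
    reserve_region((uintptr_t)buf, len);
    uintptr_t b = (uintptr_t)buf, p = (uintptr_t)virtual_alloc_safe(buf, len);
    int ok = p && !(p >= b && p < b + len) && buf[0] == 0xA5 && buf[len - 1] == 0xA5;
    if (p) munmap((void *)p, len);
    free(buf);
    return ok;
}
```

Without MAP_FIXED the kernel never overwrites an existing mapping, so the range check plus a plain hint is what keeps a badly placed codec base from landing on live heap memory.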
