[MPlayer-dev-eng] Security Advisory

Alexander Strasser eclipse7 at gmx.net
Sat May 21 20:58:01 CEST 2005


Reimar Döffinger wrote:
> Hi,
> On Sat, May 21, 2005 at 01:36:59PM +0200, Guillaume POIRIER wrote:
> > I'll post more reports given by other static analysis tools if my
> > colleague happens to try more of those tools. I'd be quite interested
> > by what would report the Stanford checker.
> 
> Yes, that would be interesting, since this tool has about the same
> intelligence as grep... At least I found its output completely useless,
> especially the suggestion to replace strncat by strlcat is great - it
> will make sure that MPlayer wont compile anymore on almost all supported
> systems (yes, that's a way to make it safe I have to admit...)

  Don't forget that we have strl* implementatons in osdep.

  Alex (beastd)




More information about the MPlayer-dev-eng mailing list