[MPlayer-dev-eng] [PATCH] safe lzo decompression should be used
Erik Slagter
erik at slagter.name
Fri Apr 14 19:33:17 CEST 2006
On Sun, 2006-04-09 at 15:41 +0200, Guillaume POIRIER wrote:
> > Anyway apply this patch and 10l to whoever wrote the code... but
> > 10000000000l to whoever wrote the library and named the functions
> > lzo1x_decompress and lzo1x_decompress_safe rather than
> > lzo1x_decompress_idiotic_insecure_shit and lzo1x_decompress.
>
> It's Tilmann Bitterberg:
> http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpcodecs/vd_lzo.c
Little chance he will react, he quit as an active (transcode) developer
some years ago. And the buffer overflows are indeed notorious in
transcode :-(
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2771 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20060414/4138c9c2/attachment.bin>
More information about the MPlayer-dev-eng
mailing list