[MPlayer-dev-eng] mplayer exploit

Reimar Döffinger Reimar.Doeffinger at stud.uni-karlsruhe.de
Fri Mar 28 09:36:02 CET 2008


On Thu, Mar 27, 2008 at 10:45:32PM +0000, Arpi wrote:
> maybe interesting:
> 
> http://www.milw0rm.com/exploits/5307
> 
> xine already patched this a few weeks ago.
> they should have notified us ...

Oh well, since it is discussed already all over the place:
MPlayer does not have most of the problems, but there is one.
I made a patch but I had not even the time to think about it properly,
and nobody else had either. So I attach it here, maybe someone can look
at it/test it etc. If there are no comments I will just apply it
tomorrow.

Greetings,
Reimar Döffinger
-------------- next part --------------
Index: stream/realrtsp/sdpplin.c
===================================================================
--- stream/realrtsp/sdpplin.c	(revision 26295)
+++ stream/realrtsp/sdpplin.c	(working copy)
@@ -330,7 +330,8 @@
     
     if(filter(data,"a=StreamCount:integer;",&buf)) {
       desc->stream_count=(unsigned int)atoi(buf);
-      desc->stream=malloc(sizeof(sdpplin_stream_t*)*desc->stream_count);
+      desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*));
+      if (!desc->stream) desc->stream_count = 0;
       handled=1;
       data=nl(data);
     }
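
Review bot: The count on the unchanged line desc->stream_count=(unsigned int)atoi(buf); is still taken from the SDP data without validation, so a negative or garbage value turns into a very large unsigned count and the only guard is whether calloc happens to fail. I would parse it with strtoul, reject anything above a sane upper limit, and only then allocate. Two smaller points in the same block: when calloc fails the code sets stream_count to 0 but still sets handled=1 and carries on silently, so an error message or an early return would make the failure visible; and a second a=StreamCount line would overwrite desc->stream without freeing the earlier array. The hunk does not show where desc->stream[...] is written, so please confirm that every index used there is checked against stream_count, because zero-filling the array does not bound those writes by itself.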

