Hello, On Fri, Sep 21, 2007 at 06:57:48PM +0200, Nico Golde wrote: [...] > However in glibc < 2.5 (etch) this leads to an heap overflow > because of a missing integer overflow check in glibc < 2.5.
Did you test? > See http://cert.uni-stuttgart.de/advisories/calloc.php this > was merged into glibc in 2.5. Because this page says it was already fixed since glibc 2.3 > http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/aviheader.c?r1=23985&r2=24447 > should fix this issue. This is the wrong fix for the security issue, the glibc fix must be ported if it is not already there. Greetings, Reimar Döffinger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
