Hi,
* Reimar Döffinger <[EMAIL PROTECTED]> [2007-09-21 19:41]:
> On Fri, Sep 21, 2007 at 06:57:48PM +0200, Nico Golde wrote:
> [...]
> > However in glibc < 2.5 (etch) this leads to a heap overflow 
> > because of a missing integer overflow check in glibc < 2.5.
> 
> Did you test?
> 
> > See http://cert.uni-stuttgart.de/advisories/calloc.php this 
> > was merged into glibc in 2.5.
> 
> Because this page says it was already fixed since glibc 2.3

Args, thank you. I was wrong about this.

> > http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/aviheader.c?r1=23985&r2=24447
> > should fix this issue.
> 
> This is the wrong fix for the security issue, the glibc fix must be
> ported if it is not already there.

Huh? This is at least the right fix for the NULL pointer 
dereference. Not?
Sure it has to be ported if the integer overflow would be in 
2.5 and not in 2.3. We treat DoS bugs as security issues 
with low priority.

Kind regards and thanks for looking into this
Nico
-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
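
The two issues discussed in this thread, a calloc() size multiplication that wraps and an unchecked NULL return, shown as an added C example that is not part of the e-mail and is not MPlayer or glibc code. The names `idx_entry`, `checked_calloc` and `load_index` are hypothetical, and the entry count is assumed to come from an untrusted file header.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 16-byte index record; not MPlayer's real structure. */
struct idx_entry { uint32_t id, flags, offset, length; };

/* What a calloc() without an overflow check effectively computes:
 * the product wraps modulo SIZE_MAX + 1. */
size_t wrapped_size(size_t nmemb, size_t size) { return nmemb * size; }

/* Returns 1 if nmemb * size is not representable in size_t. */
int mul_overflows(size_t nmemb, size_t size)
{
    return size != 0 && nmemb > SIZE_MAX / size;
}

/* Allocation that does not rely on the libc's calloc() doing the check. */
void *checked_calloc(size_t nmemb, size_t size)
{
    if (mul_overflows(nmemb, size))
        return NULL;               /* refuse instead of under-allocating */
    return calloc(nmemb, size);
}

/* Caller side: count is untrusted. The NULL check is what prevents the
 * NULL pointer dereference; the overflow check is what prevents a buffer
 * smaller than count entries. Returns 0 on success, -1 on rejection. */
int load_index(size_t count, struct idx_entry **out)
{
    struct idx_entry *idx = checked_calloc(count, sizeof *idx);
    *out = idx;
    return idx == NULL ? -1 : 0;
}

int main(void)
{
    size_t bad = SIZE_MAX / sizeof(struct idx_entry) + 1;  /* constructed input */
    struct idx_entry *idx;

    printf("unchecked product for bad count: %zu bytes\n",
           wrapped_size(bad, sizeof(struct idx_entry)));
    printf("load_index(bad count) = %d\n", load_index(bad, &idx));
    printf("load_index(4)         = %d\n", load_index(4, &idx));
    free(idx);
    return 0;
}
```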
