On Fri, Sep 21, 2007 at 07:58:01PM +0200, Nico Golde wrote: > * Reimar Döffinger <[EMAIL PROTECTED]> [2007-09-21 19:41]: > > On Fri, Sep 21, 2007 at 06:57:48PM +0200, Nico Golde wrote: [...] > > > http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/aviheader.c?r1=23985&r2=24447 > > > should fix this issue. > > > > This is the wrong fix for the security issue, the glibc fix must be > > ported if it is not already there. > > Huh? This is at least the right fix for the NULL pointer > dereference. Not?
Yes, above patch fixes a NULL pointer dereference and applying it can't hurt. With "security issue" above I _only_ meant the heap overflow, above patch fixes that one as well (since it is "the same" problem, just shows itself differently), but it is not the right way to fix that aspect. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
