[gstreamer-bugs] [Bug 384989] misparsing of Real Media mux leads to buffer overrun
GStreamer (bugzilla.gnome.org)
bugzilla-daemon at bugzilla.gnome.org
Tue Dec 12 00:43:09 PST 2006
Do not reply to this via email (we are currently unable to handle email
responses and they get discarded). You can add comments to this bug at
http://bugzilla.gnome.org/show_bug.cgi?id=384989
GStreamer | gst-plugins-ugly | Ver: HEAD CVS
------- Comment #2 from Roland Kay 2006-12-12 08:41 UTC -------
Note: While this patch is, hopefully, an improvement. The mux file is an
untrusted source of information. Thus, the length field might be incorrect and
this ought to be guarded against.
For example, with the above patch applied, if I use a hex editor to change the
length field from 0x00000000 to 0xffffffff this is the result:
$> ./xcfile crash.rm out.mp3
GLib-ERROR **: gmem.c:141: failed to allocate 4294967295 bytes
aborting...
Aborted (core dumped)
--
Configure bugmail: http://bugzilla.gnome.org/userprefs.cgi?tab=email
More information about the Gstreamer-bugs
mailing list