[Bug 737591] rtpgstdepay: buffer overread
GStreamer (bugzilla.gnome.org)
bugzilla at gnome.org
Thu Oct 2 13:00:07 PDT 2014
https://bugzilla.gnome.org/show_bug.cgi?id=737591
GStreamer | gst-plugins-good | git
Tim-Philipp Müller <t.i.m> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |t.i.m at zen.co.uk
--- Comment #5 from Tim-Philipp Müller <t.i.m at zen.co.uk> 2014-10-02 12:40:24 UTC ---
Well, if it's not 0-terminated it's by definition not a valid string, so
arguably in the 0.0000001% of the cases where we process untrusted data we
might just as well go through the trouble of checking. It would also be ok to
just ignore the input then in such code, arguably. So not sure if we really
need to add new API for this one use case.
If we do, do we want to keep the end out argument? (Which is only used
internally by gstreamer when deserializing caps I think) (And which shouldn't
have been in the from_string() API in the first place).
--
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list