On 2012/08/21 20:01, Jurgen Kramer <gtmkra...@xs4all.nl> wrote: > > Can you use dsdlib_tag_id3() for a DoS attack? This looks like it > > could easily cause a stack overflow: > > > > + count = is->size - is->offset; > > + id3_byte_t dsdid3[count]; > > What is your concern here? The allocation of dsdid3 using count or the > value of count being calculated that way (or both)?
The former. A malicious file can cause a stack overflow. Imagine a file that makes MPD try to allocate a few gigabytes of heap. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Musicpd-dev-team mailing list Musicpd-dev-team@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team
