Bug#402922: segfault in mplayer own mpeg2 library

2006-12-15 Thread A Mennucc
Pierre Habouzit wrote: xine and vlc that use debian libmpeg2 instead do not segfault. just for the record: libxine1 ships its own internal version of libmpeg2 it is xineplug_decode_mpeg2.la a.

Bug#402922: segfault in mplayer own mpeg2 library

2006-12-15 Thread A Mennucc
set severity normal tag -security tag +pending thanks this was not a security risk here is what I understand MPlayer uses custom buffers to drive libmpeg2 (it is a feature of libmpeg2); there is an array of pointers to buffers, called mpi-planes, allocated with calloc(), so they are all

Bug#402922: segfault in mplayer own mpeg2 library

2006-12-14 Thread A Mennucc
On Wed, Dec 13, 2006 at 04:00:02PM +0100, Pierre Habouzit wrote: Package: mplayer Version: 1.0~rc1-2 Severity: grave Tags: security Justification: user security hole While playing http://madism.org/~madcoder/pub/foobar.mpeg mplayer segfaults, somewhere in mpeg2_idct_copy_mmx. xine

Bug#402922: segfault in mplayer own mpeg2 library

2006-12-14 Thread A Mennucc
Pierre Habouzit wrote: FYI, the patch to compile against debian's libmpeg2.a (yes using your beloved static compiling) is ridiculously small (see attachment). it is also ridiculously useless the MPlayer version of libmpeg2 differs heavily from the one you propose for example, MPlayer

Bug#402922: segfault in mplayer own mpeg2 library

2006-12-14 Thread Julien Danjou
At 1166086593 time_t, [EMAIL PROTECTED] (A Mennucc) wrote: my opinion so far is that this is not a security problem this is my feeling: it may be that the mpeg stream does not contain proper motion-compensate data, or an I frame; Security is not a matter of opinion nor feelings. Cheers --

Bug#402922: segfault in mplayer own mpeg2 library

2006-12-13 Thread Pierre Habouzit
Package: mplayer Version: 1.0~rc1-2 Severity: grave Tags: security Justification: user security hole While playing http://madism.org/~madcoder/pub/foobar.mpeg mplayer segfaults, somewhere in mpeg2_idct_copy_mmx. xine and vlc that use debian libmpeg2 instead do not segfault. I'm not 100%

Bug#402922: segfault in mplayer own mpeg2 library

2006-12-13 Thread A Mennucc
here is some more info: $ gdb ./mplayer This GDB was configured as x86_64-linux-gnu...Using host libthread_db library /lib/libthread_db.so.1. (gdb) run ~/mplayer/bench/foobar.mpeg Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 47190863550720 (LWP 1368)]

Bug#402922: segfault in mplayer own mpeg2 library

2006-12-13 Thread Pierre Habouzit
On Wed, Dec 13, 2006 at 05:53:03PM +0100, A Mennucc wrote: here is some more info: $ gdb ./mplayer This GDB was configured as x86_64-linux-gnu...Using host libthread_db library /lib/libthread_db.so.1. (gdb) run ~/mplayer/bench/foobar.mpeg Program received signal SIGSEGV, Segmentation

Bug#402922: segfault in mplayer own mpeg2 library

2006-12-13 Thread A Mennucc
Pierre Habouzit wrote: On Wed, Dec 13, 2006 at 05:53:03PM +0100, A Mennucc wrote: here is some more info: $ gdb ./mplayer This GDB was configured as x86_64-linux-gnu...Using host libthread_db library /lib/libthread_db.so.1. (gdb) run ~/mplayer/bench/foobar.mpeg Program received

Bug#402922: segfault in mplayer own mpeg2 library

2006-12-13 Thread Pierre Habouzit
On Wed, Dec 13, 2006 at 08:56:52PM +0100, A Mennucc wrote: Pierre Habouzit wrote: On Wed, Dec 13, 2006 at 05:53:03PM +0100, A Mennucc wrote: we should understand why ref==0 anyway I will add an assert O_o *blink* *blink* do you know that assert is a macro that may be