I have two hypotheses in mind: --------------- hypothesis 1 Aurelien Jarno ha scritto:
> mplayer segfaults on a file I have (probably badly) downloaded from the
> Internet. Note that other video applications in Debian (vlc, kaffeine)
> do not segfault. It is very likely a security problem.
> Sorry, but I don't have the URL anymore, if I remember correctly it was
> a russian site. The original name is d3efc17df8c6b.mpg. This video is
> supposed to show a L298 chip burning. This chip is supposed to be
> thermally protected, but I also burnt one :(
-------------- hypothesis 2
The file that you sent me is almost similar to the file that Pierre sent
me in bug 402922 : the two files have the same length, and moreover
$ cmp -l mplayer-{8,7}-crash.mpeg | wc -l
4365
a change of 4365 bytes on a total of 224Kb is quite low...
it is so low that it is virtually impossible that those two files are
found independently on the internet
so the second hypothesis is :
you downloaded Pierre example, altered some bytes out of it, until you
found a file that could crash mplayer (but not some other programs)
Even the two bug reports are soooo similar:
Pierre:
> xine and vlc that use debian libpmeg2 instead do not segfault.
> I'm not 100% sure it's a security problem, but it's very likely.
Aurelien:
> Note that other video applications in Debian (vlc, kaffeine)
> do not segfault. It is very likely a security problem.
--------------
unfortunately, you cannot find any more the original URL ... so we
cannot really disprove hypothesis 1 ....
whereas, you see , hypothesis 2 is soooo plausible....
a.
signature.asc
Description: OpenPGP digital signature
