Bugtraq mailing list archives

Re: MacroMedia Flash/Shockwave plug-in on linux : memcpy overrun problem.


From: Solar Designer <solar () FALSE COM>
Date: Fri, 18 Aug 2000 07:25:35 +0400


> I have been using libsafe on linux and found that
>  - netscape plug-in for Flash/Shockwave plug-in seems to have
>    memcpy overrun problem.

Someone has already posted about this in June.  I've replied
privately explaining that this may not be a bug.  I am CC'ing
the list this time.

libsafe depends on all components of programs you use to be compiled
with frame pointers.  If gcc's -fomit-frame-pointer was used on at
least one source file in at least one software component (such as a
browser plug-in), then libsafe's checks do the wrong thing and you
may in fact be introducing DoS possibilities by using libsafe.

> But for the last one, dated Aug 14, I know what URL caused the abort
> exactly. This prompted me to write this article.
> (Presumably, those who have access to the source code of
> the Flash/Shockwave plug-in should be able to fix this problem easily by
> trying the URL.)
>
>       URL:
>       http://www.washingtonpost.com/wp-srv/photo/conventions/

Have you tried visiting this URL without libsafe installed?  If it
still causes a crash, then you really have something to report.

Signed,
Solar Designer
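
The frame-pointer dependency described in the message above, as a simplified model (an added example, not libsafe's code and not part of the original post). The simulated stack layout and the names `frame_limit`, `derived_limit` and `would_abort` are assumptions made for illustration; it shows how one frame built with -fomit-frame-pointer can make a frame-pointer walk reject a copy that fits its buffer.

```c
/* Added example: simplified model of a frame-pointer-walking bounds check.
 * The stack is a constructed array; layout and names are assumptions. */
#include <stdint.h>
#include <stdio.h>

#define W sizeof(uintptr_t)

/* Follow saved frame pointers from fp toward older frames and return the
 * distance from dst to the first one above it (0 = no limit derived). */
size_t frame_limit(uintptr_t fp, uintptr_t lo, uintptr_t hi, uintptr_t dst)
{
    while (fp >= lo && fp < hi && fp % W == 0) {
        if (fp > dst)
            return (size_t)(fp - dst);
        uintptr_t next = *(const uintptr_t *)fp;
        if (next <= fp)          /* chain must move to higher addresses */
            break;
        fp = next;
    }
    return 0;
}

/* Build caller -> plugin -> intercepted memcpy and return the limit the
 * walker derives for the plugin's 16-word buffer at stack[24..39]. */
size_t derived_limit(int plugin_has_fp)
{
    static uintptr_t stack[64];
    uintptr_t lo = (uintptr_t)&stack[0], hi = (uintptr_t)&stack[64];
    stack[60] = 0;                          /* outermost frame: end of chain */
    stack[40] = (uintptr_t)&stack[60];      /* plugin's saved fp, if it keeps one */
    /* The wrapper saves whatever the frame-pointer register held at the call:
     * the plugin's frame pointer, or (with -fomit-frame-pointer) a value the
     * plugin was using the register for, here a cursor into its own buffer. */
    stack[20] = plugin_has_fp ? (uintptr_t)&stack[40] : (uintptr_t)&stack[28];
    return frame_limit((uintptr_t)&stack[20], lo, hi, (uintptr_t)&stack[24]);
}

/* The check: refuse a copy that would reach the derived frame pointer. */
int would_abort(size_t n, size_t limit) { return limit != 0 && n > limit; }

int main(void)
{
    size_t n = 8 * W;   /* legitimate copy: half of the 16-word buffer */
    printf("with frame pointers: limit=%zu abort=%d\n",
           derived_limit(1), would_abort(n, derived_limit(1)));
    printf("frame pointer omitted: limit=%zu abort=%d\n",
           derived_limit(0), would_abort(n, derived_limit(0)));
    return 0;
}
```

The same in-bounds copy passes when every frame keeps its frame pointer and is flagged when the plugin's frame does not, which is why the message asks whether the crash reproduces without libsafe installed.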

