Re: xine-lib and ocert-2008-008

[Matthias Hopf <mhopf () suse de>]

On Nov 22, 08 17:49:40 +0100, Thomas Viehmann wrote:
> I am not quite sure whether I can agree with Will Drewry's analysis[1]
> accompanying ocert advisory 2008-008[1]. Looking at item 1A, which Will
> says is fixed in 1.1.5, attached .mov seems to fit the case description
> and will still corrupt the memory when viewed e.g. in gxine. xine-lib
> with the attached patch seems to be more successful in preventing the
> attach (note that the file is more tuned to be small than to be a valid
> .mov, but the same works by including the bad meta in an otherwise good
> file). Note that xine_xmalloc is specifically designed to allocate
> memory when passed size 0. Upstream seems to move away from it, but...
> As Will notices, demux-qt.c has loads of unfixed problems.
>
> If anyone cares to go over the xine-lib issues (primarily the unfixed
> ones from Will's section 3), I'd much appreciate a CC. In order to make
> the analysis and verification more, I would also be interested in the
> test cases mentioned in the advisory.

I have fixed all of them (at least I believe so, but I have to verify
your test case), and we're waiting for new ocert numbers. Given that
this takes so long, and the issues are public anyway, I will probably
upstream the fixes soon. If you would verify them it would be awesome.

Matthias

-- 
Matthias Hopf <mhopf () suse de>      __        __   __
Maxfeldstr. 5 / 90409 Nuernberg   (_   | |  (_   |__          mat () mshopf de
Phone +49-911-74053-715           __)  |_|  __)  |__  R & D   www.mshopf.de