Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#13 Stack corruption in EbmlElement::FindNextID

open
nobody
libebml (1)
5
2012-12-07
2012-06-04
Anonymous
No

Visual Studio 2010 reports stack corruption near varible PossibleId in method EbmlElement::FindNextID, when trying to read from zero-filled stream.
The function returns, when condition "if (++PossibleID_Length > 4)" on line 282 in file EbmlElement.cpp (trunk, revision 822) evaluates as true. Variable PossibleID_Length equals to 5 after increment, this means that on line 278 "DataStream.read(&PossibleId[PossibleID_Length], 1);" PossibleID_Length is equal to 4, and write beyond array bound (PossibleId size is 4) has been performed.

Discussion

  • xuzq7t <a href="http://rohjxrgprebu.com/">rohjxrgprebu</a>, [url=http://ftmxuuvtyhdg.com/]ftmxuuvtyhdg[/url], [link=http://gpkzbwvsxnng.com/]gpkzbwvsxnng[/link], http://qifwwmfqomki.com/

     
  • rnHpew <a href="http://kwzxqgxjijgy.com/">kwzxqgxjijgy</a>, [url=http://pfmdaszjlovt.com/]pfmdaszjlovt[/url], [link=http://aqmchyarvrax.com/]aqmchyarvrax[/link], http://zajnxuvuqjyg.com/

     
  • R65OSi <a href="http://isvafwqjqwuh.com/">isvafwqjqwuh</a>, [url=http://pggqucgcnizz.com/]pggqucgcnizz[/url], [link=http://agbwewdzfcfb.com/]agbwewdzfcfb[/link], http://zgqekfcwoyuc.com/

     
  • PGbuba <a href="http://mmtjhzmxakoq.com/">mmtjhzmxakoq</a>, [url=http://grtzrzwbyutu.com/]grtzrzwbyutu[/url], [link=http://vkgnlgojbfqv.com/]vkgnlgojbfqv[/link], http://ugydqihrbpim.com/