From: Lutz K. <Lutz@Koschorreck.com> - 2009-02-09 15:57:19
Hello,

today I updated xine-lib to 1.1.16.1.
Since using this version, pvr:// input is broken.
I found out that buf->size is used for checking directly after calling
buffer_pool_alloc().( + if (todo < 0 || todo > buf->size) + return NULL;+)
But buf->size is set to 0 in buffer_pool_alloc(), so the plugin_read_block
function will always return NULL.

I think all touched files within "Fix for CVE-2008-5239" should be broken
too.

Could that be possible?
Has someone recognized the same behavior?

Best regards
Lutz

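Review bot: The bound in `todo > buf->size` is taken from a field that, per the report, is still 0 directly after buffer_pool_alloc(), so every positive todo is rejected and plugin_read_block returns NULL on each read. The limit should be the buffer's allocated capacity rather than its current fill length, since buf->size only becomes a meaningful upper bound once data has been written into the buffer. The `return NULL;` also sits after the allocation, so unless something else on that path releases buf, the element just taken from the pool is leaked; release it before returning. The same comparison should be checked in the other inputs touched by the "Fix for CVE-2008-5239" change.
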
From: Darren S. <li...@yo...> - 2009-02-09 16:43:01
I demand that Lutz Koschorreck may or may not have written...

> today I updated xine-lib to 1.1.16.1.
> Since using this version, pvr:// input is broken.
> I found out that buf->size is used for checking directly after calling
> buffer_pool_alloc().( + if (todo < 0 || todo > buf->size) + return NULL;+)
> But buf->size is set to 0 in buffer_pool_alloc(), so the plugin_read_block
> function will always return NULL.

> I think all touched files within "Fix for CVE-2008-5239" should be broken
> too.

> Could that be possible?
> Has someone recognized the same behavior?

http://bugs.xine-project.org/show_bug.cgi?id=204; see also current hg.

-- 
| Darren Salt | linux or ds at | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Use more efficient products. Use less. BE MORE ENERGY EFFICIENT.

Dishonour will not trouble me, once I am dead.

From: Lutz K. <Lutz@Koschorreck.com> - 2009-02-09 17:19:55
Darren Salt wrote:
> I demand that Lutz Koschorreck may or may not have written...
>
>> today I updated xine-lib to 1.1.16.1.
>> Since using this version, pvr:// input is broken.
>> I found out that buf->size is used for checking directly after calling
>> buffer_pool_alloc().( + if (todo < 0 || todo > buf->size) + return NULL;+)
>> But buf->size is set to 0 in buffer_pool_alloc(), so the plugin_read_block
>> function will always return NULL.
>>
>> I think all touched files within "Fix for CVE-2008-5239" should be broken
>> too.
>>
>> Could that be possible?
>> Has someone recognized the same behavior?
>>
>
> http://bugs.xine-project.org/show_bug.cgi?id=204; see also current hg.
>

Thanks a lot for the hint. The patch works fine for the pvr.

Best regards
Lutz