[Alsaplayer-devel] Buffer overflow in vorbis input plugin
Dominique Michel
dominique.michel at citycable.ch
Wed Sep 5 21:45:11 BST 2007
I just committed a patch from an user, Erik Sjölund. It fix a possible buffer
overflow in vorbis.
Quote:
I found a buffer overflow in alsaplayer.
# cat /etc/issue
Debian GNU/Linux 4.0 \n \l
# apt-get install alsaplayer
$ echo | oggenc -r - -a `perl -e 'print "A" x 60000;'` -o /tmp/out.ogg
2> /dev/null
$ alsaplayer /tmp/out.ogg 2> /dev/null
Segmentation fault
Endquote
He committed it at to security at debian.org in May but I didn't get any response.
This bug was still here. Hopefully and thanks to him, it is fixed now.
I tested this patch and it work fine on my system. Can you report if you find
anything wrong with it?
Ciao,
Dominique
More information about the alsaplayer-devel
mailing list