Thread: CR: Bug #177588 - Potential Memory Corruption Exploit




CR: Bug #177588 - Potential Memory Corruption Exploit
user name
2006-10-19 17:56:44
Checked into Head, hxclient_1_2_1_neptune, hxclient_1_5_0_cayenne,
hxclient_2_1_0_cayennes.

Thanks,
Todd

> -----Original Message-----
> From: Eric Hyche [mailto:ehychereal.com]
> Sent: Thursday, October 19, 2006 6:42 AM
> To: 'Todd Zupan'; datatype-devhelixcommunity.org
> Subject: RE: [datatype-dev] CR: Bug #177588 - Potential Memory
> Corruption Exploit
> 
> 
> This change looks good. Please check into the hxclient_1_5_0_cayenne
> and hxclient_2_1_0_cayennes branches as well.
> 
> Eric
> 
> =============================================
> Eric Hyche (ehychereal.com)
> Technical Lead
> RealNetworks, Inc.
> 
> > -----Original Message-----
> > From: datatype-dev-bounceshelixcommunity.org
> > [mailto:datatype-dev-bounceshelixcommunity.org] On Behalf Of Todd
> > Zupan
> > Sent: Wednesday, October 18, 2006 2:35 PM
> > To: datatype-devhelixcommunity.org
> > Subject: [datatype-dev] CR: Bug #177588 - Potential Memory Corruption
> > Exploit
> >
> > Synopsis:
> >
> > There is a possible buffer overflow exploit in the playback of
> > modified rm files.  The issue is that size values are read from the
> > media, then used as the size of a memcpy command.
> > The problem is that this is called without checking the bounds of the
> > call.  If the media is modified, the memcpy will copy more data than
> > is actually stored, which can potentially lead to a buffer overflow
> > exploit.  This CR is to fix the crash that occurs in the
> > memorycorruption2heap.rm media file linked from the bug report.
> >
> >
> >
> > Fix:
> >
> > Need to add bounds checking when calling memcpy, making sure the
> > sizes read are no greater than the data allocated.
> >
> >
> >
> > Files Modified:
> >
> > rarvcode-video/payload/crvupack.cpp
> >
> >
> >
> > Branch:
> >
> > Head, Thxclient_1_2_1_neptune
> >
> >
> >
> > Platforms and Profiles Build Verified:
> >
> > Win32
> >
> >
> >
> > Thanks,
> >
> > Todd
> >
> >


_______________________________________________
Datatype-dev mailing list
Datatype-devhelixcommunity.org
http://lists.helixcommunity.org/mailman/listinfo/datatype-dev
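
The check described in the thread (a size read from the media must be validated against the data actually available before it reaches memcpy), as an added example that is not the crvupack.cpp change and not part of the original messages. The record layout (4-byte big-endian size followed by the payload), the function name copy_payload and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout (illustrative, not the RealMedia format):
 * 4-byte big-endian payload size, followed by the payload bytes. */
#define HDR_LEN 4u

/* Constructed samples: GOOD declares 3 bytes and stores 3;
 * TAMPERED declares 4096 bytes but still stores only 3. */
static const uint8_t GOOD[]     = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
static const uint8_t TAMPERED[] = {0x00, 0x00, 0x10, 0x00, 'a', 'b', 'c'};

/* Copy one record's payload into out. Returns 0 and sets *copied on
 * success, -1 if the declared size cannot be trusted. */
int copy_payload(const uint8_t *in, size_t in_len,
                 uint8_t *out, size_t out_cap, size_t *copied)
{
    if (!in || !out || !copied || in_len < HDR_LEN)
        return -1;                      /* header itself is truncated */

    uint32_t declared = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                        ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];

    /* Compare against the bytes remaining instead of computing
     * HDR_LEN + declared, which could wrap where size_t is 32 bits. */
    if (declared > in_len - HDR_LEN)
        return -1;                      /* claims more than is stored */
    if (declared > out_cap)
        return -1;                      /* would overrun destination  */

    memcpy(out, in + HDR_LEN, declared);
    *copied = declared;
    return 0;
}

int main(void)
{
    uint8_t out[8];
    size_t n = 0;
    int rc = copy_payload(GOOD, sizeof GOOD, out, sizeof out, &n);
    printf("good:     rc=%d copied=%zu\n", rc, n);
    rc = copy_payload(TAMPERED, sizeof TAMPERED, out, sizeof out, &n);
    printf("tampered: rc=%d\n", rc);
    return 0;
}
```

Both limits matter: the first check stops reads past the end of the input, the second stops writes past the end of the destination.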