Home
Solus
Search
Configure Global Search
Log In
Transactions
D788
Change Details
Change Details
Old
New
Diff
There was a longer-lasting buffer read overflow in the ID3 parser because code added in 2008 did not take care of possible integer overflow in an addition on platforms where long is 32 bits wide. This has been reported as [bug 254](https://mpg123.org/bugs/254). Upgrade on 32 bit platforms highly recommened, of course. We are still not talking about something nasty like code injection, but possible denial of service, although it was only recently discovered by the AddressSanitizer. Signed-off-by: Pierre-Yves <pyu@riseup.net>
- Hotfix for [bug 255](https://mpg123.org/bugs/255): Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so far. - There was a longer-lasting buffer read overflow in the ID3 parser because code added in 2008 did not take care of possible integer overflow in an addition on platforms where long is 32 bits wide. This has been reported as [bug 254](https://mpg123.org/bugs/254). Upgrade on 32 bit platforms highly recommened, of course. We are still not talking about something nasty like code injection, but possible denial of service, although it was only recently discovered by the AddressSanitizer. Signed-off-by: Pierre-Yves <pyu@riseup.net>
- Hotfix for [bug 255](https://mpg123.org/bugs/255): Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so far. -
There was a longer-lasting buffer read overflow in the ID3 parser because code added in 2008 did not take care of possible integer overflow in an addition on platforms where long is 32 bits wide. This has been reported as [bug 254](https://mpg123.org/bugs/254). Upgrade on 32 bit platforms highly recommened, of course. We are still not talking about something nasty like code injection, but possible denial of service, although it was only recently discovered by the AddressSanitizer. Signed-off-by: Pierre-Yves <pyu@riseup.net>
Continue