1. 05 May, 2012 2 commits
    • block: Fix buffer total size in block_Alloc() · a5ebee89
      Casian Andrei authored
      The total size of the buffer (i_size) was initialized with the whole
      allocated size for the block. This fooled block_Realloc() in the case of
      resizing to slightly larger, with the extra size in range from
      32 to 32 + 80 bytes. block_Realloc() assumed it had enough space left in
      the buffer padding to avoid reallocating memory.
      
      Consequently, the block ended up with an i_buffer field with a value
      larger than the allocated memory around p_buffer.
      
      In the end, this could cause memory corruptions in all sorts of cases.
      In my case, vlc was crashing while encountering a corrupted mp3 file.
      Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
    • David Fuhrmann
      2d2cde17
  2. 04 May, 2012 14 commits
  3. 03 May, 2012 12 commits
  4. 02 May, 2012 12 commits