On Fri, Jan 06, 2017 at 11:33:16PM +0100, Tobias Stoeckmann wrote: > When the command line for children is created, it is assumed that > my_program_name always ends with "ffserver", which doesn't have to > be true if ffserver is called through a symbolic link. > > In such a case, it could be that not enough space for "ffmpeg" is > available at the end, leading to a buffer overflow. > > One example would be: > > $ ln -s /usr/bin/ffserver ~/f; ~/f > > As this is only a local buffer overflow, i.e. is based on a weird > program call, this has NO security impact. > --- > ffserver.c | 20 +++++++++++--------- > 1 file changed, 11 insertions(+), 9 deletions(-)
applied thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB The misfortune of the wise is better than the prosperity of the fool. -- Epicurus
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
