[16294] in bugtraq


Re: MacroMedia Flash/Shockwave plug-in on linux : memcpy overrun

daemon@ATHENA.MIT.EDU (Solar Designer)
Fri Aug 18 04:00:09 2000

MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID:  <200008180325.HAA26456@false.com>
Date:         Fri, 18 Aug 2000 07:25:35 +0400
Reply-To: Solar Designer <solar@FALSE.COM>
From: Solar Designer <solar@FALSE.COM>
X-To:         Chiaki.Ishikawa@PERSONAL-MEDIA.CO.JP
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200008140726.QAA17112@sparc18.personal-media.co.jp> from Chiaki
              Ishikawa at "Aug 14, 0 04:26:05 pm"

>
> I have been using libsafe on linux and found that
>  - netscape plug-in for Flash/Shockwave plug-in seems to have
>    memcpy overrun problem.

Someone has already posted about this in June.  I've replied
privately explaining that this may not be a bug.  I am CC'ing
the list this time.

libsafe depends on all components of programs you use to be compiled
with frame pointers.  If gcc's -fomit-frame-pointer was used on at
least one source file in at least one software component (such as a
browser plug-in), then libsafe's checks do the wrong thing and you
may in fact be introducing DoS possibilities by using libsafe.

> But for the last one, dated Aug 14, I know what URL caused the abort
> exactly. This prompted me to write this article.
> (Presumably, those who have access to the source code of
> the Flash/Shockwave plug-in should be able to fix this problem easily by
> trying the URL.)
>
> 	URL:
> 	http://www.washingtonpost.com/wp-srv/photo/conventions/

Have you tried visiting this URL without libsafe installed?  If it
still causes a crash, then you really have something to report.

Signed,
Solar Designer
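
An added illustration, not part of the original message and not libsafe's code: a simplified model of a check that bounds a write by walking the saved frame pointer chain, showing what it computes when one function in the chain was built with -fomit-frame-pointer. The stack layout, word indices and the names max_write and scenario are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

#define STACK_WORDS 64
#define NO_BOUND ((size_t)-1)  /* walk found no frame pointer above dst */

/* Model: mem[] is a downward-growing stack indexed in words; mem[fp] holds
   the caller's saved frame pointer, 0 ends the chain. Returns how many words
   may be written at dst before reaching the first frame pointer above it. */
size_t max_write(const size_t *mem, size_t fp, size_t dst)
{
    size_t steps = 0;
    while (fp != 0 && fp < STACK_WORDS && steps++ < STACK_WORDS) {
        if (fp > dst)
            return fp - dst;
        if (mem[fp] <= fp)      /* chain must move toward the callers */
            break;
        fp = mem[fp];
    }
    return NO_BOUND;
}

/* Constructed layout: main's frame pointer at word 60, function A's 10-word
   buffer at words 30..39, the interposed wrapper's frame pointer at word 20.
   fp_reg_in_A is the frame-pointer register value while A runs: 40 if A was
   built with frame pointers, anything at all if it was not. */
size_t scenario(size_t fp_reg_in_A)
{
    size_t mem[STACK_WORDS] = {0};  /* mem[60] == 0 ends the chain in main */
    if (fp_reg_in_A == 40)
        mem[40] = 60;               /* A built a frame and saved main's fp */
    mem[20] = fp_reg_in_A;          /* wrapper saves the register as found */
    return max_write(mem, 20, 30);
}

int main(void)
{
    printf("A with frame pointer:      %zu words\n", scenario(40));
    printf("A omitted, reg untouched:  %zu words\n", scenario(60));
    printf("A omitted, reg as scratch: %zu words\n", scenario(31));
    printf("A omitted, reg is garbage: %s\n",
           scenario(5) == NO_BOUND ? "no bound" : "bound");
    return 0;
}
```

In this model the 30-word result lets a copy run past A's frame unnoticed, and the 1-word result rejects a copy that fits the 10-word buffer, which is how a false abort can arise.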
