[vdr] Re: Coredump - vdr 1.3.9 at eit.c:205

[Martin Schoenbeck <ms.usenet.NOSPAM@Schoenbeck.de>]

Hi Philip,

Philip Lawatsch schrieb:
> Well, I'm just waiting till someone sends epg data to root a lot of vdr 
> boxes using some neat buffer overflows.
> Providing how many vdrs are running as root (I'm sure there are a lot) 
> I'd really suggest to get rid of all auto variable buffers and use 
> buffers in the heap instead.
>
> .. or i'm just too paranoid :)
The better solution would be, not to trust in external definitions about 
sizes of received data, but to enforce them. Using heap buffer wouldn't 
really help, but only make it less violent.

Martin