id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc	mlocked
11606	Patch to allocate sufficiently sized buffer in httplivestreambuffer.cpp - fixes coverity 1023889	Gary Buhrmaster	JYA	"This patch should be reviewed by jya, who wrote the code.

This patch is currently untested (I have no current mechanism to test).

This looks to be a real buffer overflow bug. Per the specifications, the AES decryption will occur only on complete 16 byte blocks, with the remainder unencrypted. The code allocated a buffer only big enough for the aes encrypted data, and when it copied the remainder, it overflowed that buffer (anywhere from 0 to 15 bytes). Coverity properly detected that the buffer was not going to be big enough for the (possible) remainder.

The patch allocates a buffer big enough for the entire segment.

Fixes coverity 1023889 (There is some chance coverity will not understand the fix)

github formatted patch: https://github.com/garybuhrmaster/mythtv/commit/b551172f7cae07c33e3c92facc87c7023492e137

git-am formatted patch: https://github.com/garybuhrmaster/mythtv/commit/b551172f7cae07c33e3c92facc87c7023492e137.patch"	Patch - Bug Fix	closed	minor	unknown	MythTV - General	Master Head	medium	Fixed			0
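
The sizing problem this ticket describes, as an added example that is not MythTV's code and not the linked patch: whole 16-byte blocks are decrypted, the 0 to 15 trailing bytes are copied unchanged, and a destination sized only for the decrypted part cannot hold them. All function names are hypothetical, the XOR routine is only a stand-in for the AES step, and the bounds check is added so the undersized case is reported instead of written out of bounds.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AES_BLOCK 16

/* Stand-in for the AES block decryption (assumption, not real crypto). */
static void decrypt_blocks(uint8_t *dst, const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i] ^ 0x5a;
}

/* Sizing the ticket reports as the bug: room for the whole blocks only. */
size_t undersized_capacity(size_t n) { return n & ~(size_t)(AES_BLOCK - 1); }

/* Decrypt the whole blocks, copy the 0..15 trailing bytes unchanged.
 * Returns bytes written, or -1 when dst_cap is too small (the overflow case). */
long decode_segment(uint8_t *dst, size_t dst_cap, const uint8_t *seg, size_t seg_len)
{
    size_t aes_len = seg_len & ~(size_t)(AES_BLOCK - 1);
    size_t rem = seg_len - aes_len;
    if (aes_len > dst_cap || rem > dst_cap - aes_len)
        return -1;                      /* refuse instead of writing past dst */
    decrypt_blocks(dst, seg, aes_len);
    memcpy(dst + aes_len, seg + aes_len, rem);
    return (long)seg_len;
}

/* Run one constructed, zero-filled segment through a buffer of capacity cap. */
long try_decode(size_t seg_len, size_t cap)
{
    uint8_t *seg = calloc(seg_len ? seg_len : 1, 1);
    uint8_t *dst = malloc(cap ? cap : 1);
    long r = (seg && dst) ? decode_segment(dst, cap, seg, seg_len) : -2;
    free(seg);
    free(dst);
    return r;
}

int main(void)
{
    size_t n = 1000;                    /* constructed: 62 blocks + 8 bytes */
    printf("blocks-only buffer: %ld\n", try_decode(n, undersized_capacity(n)));
    printf("full-segment buffer: %ld\n", try_decode(n, n));
    return 0;
}
```

A segment whose length is an exact multiple of 16 passes with either sizing, which is why the overflow only appears on some inputs.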