Comment 0 for bug 1390491

Since VLC 2.2.0pre4, we've fixed a lot of head overflows, and heap buffer overflows in numerous VLC demuxers:

- demux: asf: stay within track limits
- demux: libmp4: fix heap overflow in stdp debug code (fix #12358)
- demux: mp4: fix heap buffer ofw with zero chunk (fix #12356)
- demux: tta: fix heap buffer ofw (fix #12357)
- demux: livavi: fix heap buffer ofw in strf parsing (fix #12359)
- demux: libavi: fix heap write ofw
- demux: ogg: fix use after free (fix #12360)
- demux: mp4: fix heap read ofw in extra bytes
- demux: asf: fix heap buffer write ofw in priorities (fix #12363)
- demux: mp4: fix last chunk size computation (fix #12362)
- demux: libmp4: fix heap buffer write ofw in chpl (fix #12366)

So far, we don't know any exploits, but the number is quite high, to be worrying.

Since you package -pre2 in Utopic, you should care also about the following int overflows, heap buffer overflows, heap overflows and other important crashes:
      access: dvdread: fix int overflow (cid #1062572)
      addons: fix deference before null check (cid #1231840)
      demux: mp4: fix integer overflow (fix #12074)
      packetizer: dirac: block sanitizing must clean reordering (fix #12051)
      demux: avi:fix block reading
      demux: mp4: fix heap buffer overflow (fix #12266)
      demux: ogg: Don't read skeleton if no bones first
      demux: ogg: don't use incomplete vorbis headers (fix #12270)
      demux: ogg: fix headers validation
      demux: mp4: fix heap read overflow in avcc (fix #12267)
      demux: ogg: fix packet count heap overflow (fix #12265)
      demux: mp4: don't read at all if not content
      demux: mp4: fix heap overflow (fix #12283)
      demux: mp4: don't trust atom type processing stsd (fix #12285)
      demux: mp4: fix heap overflow reading esds
      demux: mp4: fix heap read overflow in vide handler
      demux: mp4: fix overflow in cprt language decoding
      input: stream_memory: handle skip reads