I was wondering if anyone has figured out this bug?
I took a look at the diff and saw what they changed in CRawParser::AddString(), however I've not found anywhere that those changes make a difference.
I REd the CRawParser object and the 0x190th member is a counter value that is initialized to 0 and is checked at the start of the function before adding a new string to the object. The change that was the most obvious to me is that they changed the comparison from a == to a >=, so if that counter is larger than 0x32, we can cause a stack overflow. I just haven't found anywhere that the counter was modified outside of CRawParser::AddString(), so I don't think that's possible.
The rest of the changes I looked at seem to be related to the MJPEG bug.
Any thoughts? Am I missing something dumb here? :)
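To make the == versus >= point concrete, here is an added example (not code from the original post, the thread, or the real CRawParser binary) that models the guard described above: a counter, a table of 0x32 slots, and an insert that is only refused on exact equality with the limit. The struct layout, the field names, the slot count and the way the counter gets pushed past 0x32 (it is simply assigned directly, which is the step the post could not find in the real code) are all assumptions made for the demonstration; a few spare entries after the table stand in for whatever would sit next to it in memory so the overflow is observable without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the object described in the post: a counter
 * (the 0x190th member in the real object) followed by a fixed table of
 * 0x32 string slots. Layout, names and sizes are assumptions for this
 * example, not taken from the binary. */
#define SLOT_MAX 0x32
#define SPILL    4   /* modelled "adjacent memory" after the real table */

static const char CANARY_STR[] = "CANARY";

typedef struct {
    uint32_t    count;                      /* strings stored so far */
    const char *slots[SLOT_MAX + SPILL];    /* table + modelled spill area */
} raw_parser_t;

void parser_init(raw_parser_t *p) {
    p->count = 0;
    memset(p->slots, 0, sizeof p->slots);
    for (int i = 0; i < SPILL; i++)
        p->slots[SLOT_MAX + i] = CANARY_STR; /* sentinel in the spill area */
}

/* Pre-patch shape of the guard as the post reads it: only an exact hit on
 * the limit stops the insert. Returns the slot index used, or -1. */
int add_string_eq(raw_parser_t *p, const char *s) {
    if (p->count == SLOT_MAX)
        return -1;
    p->slots[p->count] = s;
    return (int)p->count++;
}

/* Post-patch shape: any counter at or above the limit is rejected. */
int add_string_ge(raw_parser_t *p, const char *s) {
    if (p->count >= SLOT_MAX)
        return -1;
    p->slots[p->count] = s;
    return (int)p->count++;
}

/* 1 if the modelled adjacent memory is untouched, 0 if an insert landed in it. */
int canary_intact(const raw_parser_t *p) {
    for (int i = 0; i < SPILL; i++)
        if (p->slots[SLOT_MAX + i] != CANARY_STR)
            return 0;
    return 1;
}

/* Fill the table through the normal path (counter only incremented by the
 * insert itself) and try one insert too many. Returns 1 if the limit held. */
int legit_fill(int use_ge) {
    raw_parser_t p;
    parser_init(&p);
    for (int i = 0; i <= SLOT_MAX; i++)
        (void)(use_ge ? add_string_ge(&p, "s") : add_string_eq(&p, "s"));
    return p.count == SLOT_MAX && canary_intact(&p);
}

/* Start from a counter that has already been pushed past the limit.
 * How the real counter could get there is exactly what the post could not
 * find; here it is assigned directly, an assumption for the demo.
 * Returns 1 if the canary survived, 0 if it was clobbered, -1 if the
 * requested start value would leave even the modelled spill area. */
int demo(uint32_t start_count, int use_ge) {
    if (start_count >= SLOT_MAX + SPILL)
        return -1;
    raw_parser_t p;
    parser_init(&p);
    p.count = start_count;
    (void)(use_ge ? add_string_ge(&p, "x") : add_string_eq(&p, "x"));
    return canary_intact(&p);
}

int main(void) {
    printf("normal fill, ==: limit %s\n", legit_fill(0) ? "held" : "broken");
    printf("normal fill, >=: limit %s\n", legit_fill(1) ? "held" : "broken");
    printf("count=0x32, ==: canary %s\n", demo(SLOT_MAX, 0) ? "intact" : "clobbered");
    printf("count=0x33, ==: canary %s\n", demo(SLOT_MAX + 1, 0) ? "intact" : "clobbered");
    printf("count=0x33, >=: canary %s\n", demo(SLOT_MAX + 1, 1) ? "intact" : "clobbered");
    return 0;
}
```

As long as the insert is the only thing that touches the counter, both guards behave identically, which is the post's point: the == check is only exploitable if some other path can leave the counter above 0x32 (a reset to a caller-controlled value, an increment elsewhere, a wrap), and the >= form is simply the defensive version that does not depend on that invariant.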