bug-m4

Re: undiagnosed integer overflow in parsing frozen files


From: Eric Blake
Subject: Re: undiagnosed integer overflow in parsing frozen files
Date: Thu, 08 May 2008 13:43:35 -0600
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080421 Thunderbird/2.0.0.14 Mnenhy/0.7.5.666

According to Jim Meyering on 5/8/2008 1:10 PM:
|
| However, given too long a string of digits, "Number" overflows.
| Considering the rigorous parsing elsewhere in that file, I think
| this must be accidental.

Accidental, but not unnoticed, and hopefully not severe.  I spotted the
same issue a couple of years ago when I first started patching m4, but as
I haven't spotted any security holes so far in using a truncated value, it
hasn't been my highest priority.  But now that you mention it, I'll
probably tighten up the check, and reject frozen files the moment an
integer overflows, rather than proceeding on indefinitely with the
truncated value (most likely to reject the file later when the rest of the
parse is out of sync).

--
Don't work too hard, make some time for fun as well!

Eric Blake             address@hidden
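
The check discussed in the message above, sketched as an added example that is not part of the original post and is not m4's code: a digit-run parser that fails at the first digit that would overflow instead of carrying a truncated value forward. The names `parse_number` and `parse_directive`, the return codes, and the `<letter><len1>,<len2>` line layout are assumptions made for illustration.

```c
#include <limits.h>

/* Hypothetical helper, not taken from m4: parse a run of ASCII decimal
   digits at *sp into *out.  Returns 0 on success and advances *sp past
   the digits; returns -1 if no digit is present, -2 if the value would
   exceed INT_MAX.  On failure *sp and *out are left untouched.  */
static int
parse_number (const char **sp, int *out)
{
  const char *p = *sp;
  int n = 0;

  if (*p < '0' || *p > '9')
    return -1;
  for (; *p >= '0' && *p <= '9'; p++)
    {
      int digit = *p - '0';
      /* Test before computing n * 10 + digit: signed overflow is
         undefined behaviour in C and cannot be detected afterwards.  */
      if (n > (INT_MAX - digit) / 10)
        return -2;
      n = n * 10 + digit;
    }
  *sp = p;
  *out = n;
  return 0;
}

/* Constructed directive of the form "<letter><len1>,<len2>\n" (layout
   assumed for illustration).  Returns 0 if both lengths parse cleanly,
   and a negative code as soon as either is malformed or overflows, so
   the caller never continues with a truncated length.  */
static int
parse_directive (const char *line, int *len1, int *len2)
{
  const char *p;
  int rc;

  if (line[0] == '\0')
    return -1;
  p = line + 1;                 /* skip the directive letter */
  if ((rc = parse_number (&p, len1)) != 0)
    return rc;
  if (*p++ != ',')
    return -1;
  if ((rc = parse_number (&p, len2)) != 0)
    return rc;
  return *p == '\n' ? 0 : -1;
}
```
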



