[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-ncurses] tic Buffer Overflow

From: Thomas Dickey
Subject: Re: [bug-ncurses] tic Buffer Overflow
Date: Fri, 24 Nov 2017 19:54:52 -0500
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Nov 23, 2017 at 04:34:28PM +0100, Dr. Werner Fink wrote:
> Beside this, using
>   --enable-string-hacks
> avoids the sprintf() based buffer overflow.

possibly (there's always bugs).

However -

        - the report didn't actually give the test-case (I'll have
          to construct one), and

        - the stack trace in the report shows that tic terminated
          due to the stack-checking built into the Debian package.

The description with the usual claims of "execute arbitrary code"
lessens the value of the report.

Thomas E. Dickey <address@hidden>

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]