bug-ncurses

Re: Bug: heap-buffer-overflow in function _nc_find_entry


From: Thomas Dickey
Subject: Re: Bug: heap-buffer-overflow in function _nc_find_entry
Date: Sat, 12 Oct 2019 16:18:58 -0400
User-agent: NeoMutt/20170113 (1.7.2)

On Sat, Oct 12, 2019 at 09:29:41PM +0200, Sven Joachim wrote:
> On 2019-10-11 20:00 -0400, Thomas Dickey wrote:
> 
> > On Fri, Oct 11, 2019 at 04:59:52PM +0800, address@hidden wrote:
> >> POC: https://github.com/zjuchenyuan/fuzzpoc/raw/master/infotocap_poc6
> >
> > I tested poc1-poc6 with valgrind on two different machines and it doesn't
> > see a problem with poc2, poc4 or poc6 (but I'll study the trace to see
> > what you might be reporting).
> 
> FWIW, poc[1267] cause segfaults in a build with the Debian options (but
> poc[345] do not).  I can send gdb backtraces if desired, but almost
> every variable is <optimized out>, and without optimization there are no
> crashes. :-(

Thanks, but I made fixes for all of those this morning (3 were duplicates):

        > fix several errata in tic (reports/testcases by "zjuchenyuan"):
        + check for invalid hashcode in _nc_find_entry.
        + check for missing character after backslash in fmt_entry
        + check for acsc with odd length in dump_entry in check for one-one
          mapping (cf: 20060415);
        + check length when converting from old AIX box_chars_1 capability,
          overlooked in changes to eliminate strcpy (cf: 20001007).

-- 
Thomas E. Dickey <address@hidden>
https://invisible-island.net
ftp://ftp.invisible-island.net

Attachment: signature.asc
Description: PGP signature
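The two checks named in the changelog above (a dangling half-pair in an odd-length acsc value, and a string escape whose backslash is the last character) are both instances of the same bug class: a walker that trusts the input to come in complete units steps past the terminator. The block below is an added example written for this page, not code from ncurses or tic; the helpers acsc_is_well_formed(), acsc_map() and unescape_cap() are hypothetical stand-ins for the real dump_entry()/fmt_entry() logic, which is not reproduced here, and the escape table is a subset of terminfo's chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not ncurses code). An acsc capability is a sequence of
 * (vt100 char, terminal char) pairs, e.g. "`+a:" maps '`' -> '+' and
 * 'a' -> ':'. A pairwise walker that assumes an even length will treat
 * the NUL terminator as the partner of a dangling final character.
 */

/* True when every vt100 character in acsc has a partner. */
bool acsc_is_well_formed(const char *acsc)
{
    return acsc != NULL && strlen(acsc) % 2 == 0;
}

/* Terminal character for vt100 character `vt`, or 0 when absent.
 * Only complete pairs are walked: truncating division drops a dangling
 * half, so an odd-length value can never make the loop read the NUL. */
char acsc_map(const char *acsc, char vt)
{
    size_t pairs = strlen(acsc) / 2;
    for (size_t i = 0; i < pairs; i++) {
        if (acsc[2 * i] == vt)
            return acsc[2 * i + 1];
    }
    return 0;
}

/*
 * Unescape a terminfo-style string (hypothetical subset: \E \e \n \r \t \s,
 * everything else after a backslash is taken literally, so "\\" and "\^"
 * work). Returns the number of bytes written, or -1 when the input ends
 * with a bare backslash or the output would not fit in `cap` bytes
 * including the terminator.
 */
long unescape_cap(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        char c = in[i];
        if (c == '\\') {
            /* in[i] is not NUL, so in[i + 1] is inside the string
             * (at worst it is the terminator itself). */
            char e = in[i + 1];
            if (e == '\0')
                return -1;          /* missing character after backslash */
            i++;
            switch (e) {
            case 'E': case 'e': c = '\033'; break;
            case 'n': c = '\n'; break;
            case 'r': c = '\r'; break;
            case 't': c = '\t'; break;
            case 's': c = ' ';  break;
            default:  c = e;    break;  /* literal: \\ \^ \, \: ... */
            }
        }
        if (n + 1 >= cap)
            return -1;              /* keep room for the terminator */
        out[n++] = c;
    }
    out[n] = '\0';
    return (long)n;
}

/* Helpers for exercising unescape_cap() without an external buffer. */
long unescape_cap_len(const char *in)
{
    char buf[64];
    return unescape_cap(in, buf, sizeof buf);
}

bool unescape_equals(const char *in, const char *expected)
{
    char buf[64];
    long n = unescape_cap(in, buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expected)
        && memcmp(buf, expected, (size_t)n) == 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed acsc, one with a dangling 'j',
     * and a string whose backslash has nothing after it. */
    printf("\"`+a:\" well-formed: %d\n", acsc_is_well_formed("`+a:"));
    printf("\"`+a:j\" well-formed: %d\n", acsc_is_well_formed("`+a:j"));
    printf("map 'a' in \"`+a:j\": '%c'\n", acsc_map("`+a:j", 'a'));
    printf("map 'j' in \"`+a:j\": %d\n", acsc_map("`+a:j", 'j'));
    printf("\"\\\\E[0m\" -> %ld bytes\n", unescape_cap_len("\\E[0m"));
    printf("\"x\\\\\" -> %ld (rejected)\n", unescape_cap_len("x\\"));
    return 0;
}
```

The point of the shape is that the length check happens before the loop, not inside it: once `pairs` is computed by truncating division, the loop body can index freely, and the caller decides separately (via acsc_is_well_formed()) whether a dangling half is an error worth reporting.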

