[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-announce] [SECURITY] Potential denial of service due to segfaul

From: Peter Bex
Subject: [Chicken-announce] [SECURITY] Potential denial of service due to segfault in "length" on improper lists
Date: Wed, 31 May 2017 08:48:20 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

Hi all,

We just fixed a potential security issue in the standard Scheme length
procedure.  When length is called on an improper list, the underlying
C function C_i_list incorrectly checks the head of the _input_ list
for being a pair rather than the head of the part currently being

This causes the code to (unsafely) take the cdr of a non-pair, which
causes a segmentation fault.  This means that a program that (read)s user
input and calls length on it is susceptible to a denial of service, as
an attacker can induce a crash at will.

This issue has been fixed in master by commit 075e58335f and in the
chicken-5 branch by commit a8b114660.  The patch can be found here:

A simple workaround would be to first call list? on the object before
handing it over to length.

Many thanks to megane for finding and reporting this bug.


Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]