Libidn serious bug on Windows x64

help-libidn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Libidn serious bug on Windows x64

From:	Evgeny Grin
Subject:	Libidn serious bug on Windows x64
Date:	Tue, 29 Mar 2016 12:16:58 +0300
User-agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.1

Hi!

While debugging cURL on Windows x64 crash with simple run of "curl -v
http://яндекс.рф";, I discovered that crash caused by calling
tld_check_lz(). Further investigations reveal pointer to size_t is cast
to pointer to long in stringprep_utf8_to_ucs4() which in invalid on
Win64. As result - very high number is stored in items_written and in
tld_get_4() dereferenced an invalid pointer.
I can't make a minimal example to illustrate it as in minimal example
initial nullifying hides the problem. Hope that invalid casting is
obvious problem.

-- 
Best Wishes,
Evgeny Grin

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Libidn serious bug on Windows x64, Evgeny Grin <=

Prev by Date: idna_to_ascii_lz success even if no conversion to current locale
Previous by thread: idna_to_ascii_lz success even if no conversion to current locale
Index(es):
- Date
- Thread