| delorie.com/archives/browse.cgi | search |
| X-Spam-Check-By: | sourceware.org |
| To: | cygwin AT cygwin DOT com |
| From: | Eric Blake <ebb9 AT byu DOT net> |
| Subject: | Re: FYI - bash crash due to asprintf bug |
| Date: | Wed, 29 Nov 2006 20:28:06 +0000 (UTC) |
| Lines: | 14 |
| Message-ID: | <loom.20061129T212509-204@post.gmane.org> |
| References: | <456CF7D9 DOT 3090801 AT byu DOT net> <450464da0611290257i50116402m4b2d97fc303ec374 AT mail DOT gmail DOT com> <loom DOT 20061129T191244-617 AT post DOT gmane DOT org> |
| Mime-Version: | 1.0 |
| User-Agent: | Loom/3.14 (http://gmane.org/) |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
Eric Blake <ebb9 <at> byu.net> writes: > The full vulnerability is that on cygwin, any program that uses asprintf with > cygwin 1.5.22 or earlier, where the result of asprintf is a multiple of 4 but > not 8 and is greater than 1024, will corrupt the heap. Oh, and I meant to add that one of these programs is gdb itself. I found it rather interesting trying to debug the bash coredump when the debugger itself dumped core due to the same bug. -- Eric Blake -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |