X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: Eric Blake <ebb9 AT byu DOT net>
Subject:  Re: FYI - bash crash due to asprintf bug
Date: Wed, 29 Nov 2006 20:28:06 +0000 (UTC)
Lines: 14
Message-ID:  <loom.20061129T212509-204@post.gmane.org>
References:  <456CF7D9 DOT 3090801 AT byu DOT net> <450464da0611290257i50116402m4b2d97fc303ec374 AT mail DOT gmail DOT com> <loom DOT 20061129T191244-617 AT post DOT gmane DOT org>
Mime-Version:  1.0
Content-Type:  text/plain; charset=us-ascii
Content-Transfer-Encoding:  7bit
User-Agent: Loom/3.14 (http://gmane.org/)
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Eric Blake <ebb9 <at> byu.net> writes:

> The full vulnerability is that on cygwin, any program that uses asprintf with 
> cygwin 1.5.22 or earlier, where the result of asprintf is a multiple of 4 but 
> not 8 and is greater than 1024, will corrupt the heap.

Oh, and I meant to add that one of these programs is gdb itself.  I found it 
rather interesting trying to debug the bash coredump when the debugger itself 
dumped core due to the same bug.

-- 
Eric Blake




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/