[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci
From: |
Moritz Heidkamp |
Subject: |
Re: [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci] |
Date: |
Mon, 12 Jan 2015 17:11:37 +0100 |
Moritz Heidkamp <address@hidden> writes:
> the substring-index[-ci] procedures of the data-structures unit are
> vulnerable to a buffer overrun attack when passed an integer greater
> than zero as the optional START argument.
Forgot to mention: As a work-around you can switch to SRFI 13's
string-contains procedure which also returns the substring's index in
case it is found.
Moritz
signature.asc
Description: PGP signature