[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Chicken-users] [SECURITY] Potential buffer overrun in string-translate*
From: |
Peter Bex |
Subject: |
[Chicken-users] [SECURITY] Potential buffer overrun in string-translate* |
Date: |
Mon, 15 Jun 2015 08:41:15 +0200 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hello CHICKEN users,
Using gcc's Address Sanitizer, it was discovered that the string-translate*
procedure from the data-structures unit can scan beyond the input string's
length up to the length of the source strings in the map that's passed to
string-translate*. This issue was fixed in master 8a46020, and it will
make its way into CHICKEN 4.10.
This bug is present in all released versions of CHICKEN.
There is no known workaround, except applying the patch posted in the
following chicken-hackers thread:
http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html
Kind regards,
The CHICKEN Team
signature.asc
Description: Digital signature
- [Chicken-users] [SECURITY] Potential buffer overrun in string-translate*,
Peter Bex <=