[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Report 4 different bugs discoverd in gawk
|
From: |
arnold |
|
Subject: |
Re: Report 4 different bugs discoverd in gawk |
|
Date: |
Tue, 02 Aug 2022 11:01:26 -0600 |
|
User-agent: |
Heirloom mailx 12.5 7/5/10 |
Paul Eggert <eggert@cs.ucla.edu> wrote:
> On 8/2/22 07:20, arnold@skeeve.com wrote:
> > Three of these four bugs are in files that come from GNULIB, I simply copy
> > them from there. Please resend those three reports directly to
> > bug-gnulib@gnu.org.
> >
> > I will work on the fourth one in gawk's builtin.c.
>
> The Gnulib bugs are known issues with regular expressions, and the usual
> response to this sort of bug is "don't do that", i.e., regular
> expressions should not be under the control of the attacker.
>
> While looking into this I found several places in builtin.c where
> integer overflow can mess up 'awk' due to sizes being miscalculated or
> whatever. I expect the problems are also in the "don't do that" category
> but if you'd like me to look into this further please let me know.
Sure Paul, if you have suggestions I'd be happy to review them.
I am actively working on the next release, so now is a great time.
Thanks!
Arnold