[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-announce] [SECURITY] Potential buffer overrun in string-transla

From: Peter Bex
Subject: [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*
Date: Mon, 15 Jun 2015 08:41:15 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

Hello CHICKEN users,

Using gcc's Address Sanitizer, it was discovered that the string-translate*
procedure from the data-structures unit can scan beyond the input string's
length up to the length of the source strings in the map that's passed to
string-translate*.  This issue was fixed in master 8a46020, and it will
make its way into CHICKEN 4.10.

This bug is present in all released versions of CHICKEN.

There is no known workaround, except applying the patch posted in the
following chicken-hackers thread:

Kind regards,

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]