Re: integer overflow in xemacs
Hi Stephen,
* Stephen J. Turnbull <stephen(a)xemacs.org> [2008-01-23 12:32]:
Nico Golde writes:
> during the analysis of CVE-2007-6109 and if this affects
> xemacs Florian Weimer and me recognized a problem in the
> xemacs code:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457764#10
Do you actually have an exploit? If so, we should fix the particular
use, not change the macro.
xemacs21 -batch -eval '(format "%30000000d" 0)'
this is the same proof of concept like for CVE-2007-6109
that already has been fixed in emacs.
As you must know, alloca is a performance optimization. Any extra
checks will tend to defeat that purpose.
How is alloca related to performance? I mean you should
really fix this macro its used all over the code and it is
dangerous.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion(a)jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-beta
Attachments:
- attachment.sig (application/pgp-signature — 189 bytes)