Re: integer overflow in xemacs
Hi Stephen,
* Stephen J. Turnbull <stephen(a)xemacs.org> [2008-01-23 19:08]:
Nico Golde writes:
> How is alloca related to performance?
Excuse me? alloca is used to avoid a malloc/free pair in performance-
critical places, often in inner loops. It's a dirty hack, of course,
but essential for performance reasons.
Ah ok you wanted to point to this, true alloca is basically
just add on bsp.
> I mean you should really fix this macro its used all over the
code
> and it is dangerous.
So is crossing streets used by automobiles, but billions of
pedestrians do that every day, as a performance optimization.
;)
Ok anyway its your code so I don't care. To get a more
friendlier discussion again ... when I checked CVE-2007-6109 I looked
at the code and saw that there should be no problem unless I
saw this macro. That's why I did mail you, I did however not
check any other upstream release I assumed we have the
latest release in Debian. If not ok, thanks for pointing
that out.
The specific problem with `format' has already been fixed in
XEmacs
21.5, I believe (it does not segfault), and probably is slated for the
next release of XEmacs 21.4.
Ok thanks for this information. I am going to ping the
xemacs maintainer to update our builds then. Do you have a
patch read in case he is missing in action?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion(a)jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-beta
Attachments:
- attachment.sig (application/pgp-signature — 189 bytes)