integer overflow in xemacs
Nico Golde
nico at ngolde.de
Wed Jan 23 06:43:18 EST 2008
Hi Stephen,
* Stephen J. Turnbull <stephen at xemacs.org> [2008-01-23 12:32]:
> Nico Golde writes:
>
> > During the analysis of CVE-2007-6109 and whether it affects
> > xemacs, Florian Weimer and I recognized a problem in the
> > xemacs code:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457764#10
>
> Do you actually have an exploit? If so, we should fix the particular
> use, not change the macro.
xemacs21 -batch -eval '(format "%30000000d" 0)'
This is the same proof of concept as for CVE-2007-6109,
which has already been fixed in emacs.
> As you must know, alloca is a performance optimization. Any extra
> checks will tend to defeat that purpose.
How is alloca related to performance? I mean, you should
really fix this macro; it's used all over the code and it is
dangerous.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
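
The kind of check debated in this thread, as an added example (not XEmacs code and not part of the original message): a stack allocation wrapper that tests the requested size for wrap-around and falls back to malloc above a limit. The names `BOUNDED_ALLOC`, `checked_mul` and `pad_field`, the 64 KiB limit and the 32-bit character type are assumptions made for illustration.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define STACK_LIMIT ((size_t)64 * 1024)   /* assumed cut-off for stack use */

/* Stack for small requests, heap for large ones; on_heap records which. */
#define BOUNDED_ALLOC(ptr, bytes, on_heap)                      \
    do {                                                        \
        (on_heap) = (bytes) > STACK_LIMIT;                      \
        (ptr) = (on_heap) ? malloc(bytes) : alloca(bytes);      \
    } while (0)

/* nmemb * size with overflow detection; returns 0 on success, -1 on wrap. */
static int checked_mul(size_t nmemb, size_t size, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;
    *out = nmemb * size;
    return 0;
}

/* Builds a right-aligned "0" in a field of `width` 32-bit characters, the
 * shape of (format "%<width>d" 0). Returns 0 on success, -1 if width is 0,
 * the byte count wraps, or allocation fails. On success *used_heap tells
 * where the buffer lived. */
int pad_field(size_t width, int *used_heap)
{
    size_t bytes, i;
    uint32_t *buf;

    if (width == 0 || width == SIZE_MAX ||
        checked_mul(width + 1, sizeof *buf, &bytes) != 0)
        return -1;
    BOUNDED_ALLOC(buf, bytes, *used_heap);
    if (buf == NULL)
        return -1;
    for (i = 0; i + 1 < width; i++)
        buf[i] = ' ';
    buf[width - 1] = '0';
    buf[width] = 0;               /* terminator fits: bytes covers width + 1 */
    if (*used_heap)
        free(buf);
    return 0;
}

int main(void)
{
    int heap, rc = pad_field(30000000, &heap);  /* width from the command above */
    printf("rc=%d heap=%d\n", rc, heap);
    return 0;
}
```

On the stack path the wrapper adds one overflow test and one size comparison before the alloca call.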