[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-janitors] #1308: process-execute segfaults with huge amount
From: |
Chicken Trac |
Subject: |
Re: [Chicken-janitors] #1308: process-execute segfaults with huge amount of arguments |
Date: |
Thu, 11 Aug 2016 08:45:47 -0000 |
#1308: process-execute segfaults with huge amount of arguments
-----------------------------+--------------------
Reporter: wasamasa | Owner:
Type: defect | Status: new
Priority: minor | Milestone: 4.12.0
Component: core libraries | Version: 4.11.0
Resolution: | Keywords: posix
-----------------------------+--------------------
Comment (by LemonBoy):
Luckily it is quite simple this time :)
[wrt posixunix.scm, the same applies for the windows variant] The
`setarg`/`setenv` functions will blindly set the `i`-th element of the
given array without checking if the index is within the array boundaries;
what happens here is a silly buffer overflow of the
`C_exec_args`/`C_exec_env` buffers.
PS: It's probably worth to add a NULL guard for the `malloc` in
`C_set_arg_string`.
--
Ticket URL: <http://bugs.call-cc.org/ticket/1308#comment:2>
CHICKEN Scheme <https://www.call-cc.org/>
CHICKEN Scheme is a compiler for the Scheme programming language.
- Re: [Chicken-janitors] #1308: process-execute segfaults with huge amount of arguments,
Chicken Trac <=