chicken-janitors
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-janitors] #1308: process-execute segfaults with huge amount

From: Chicken Trac
Subject: Re: [Chicken-janitors] #1308: process-execute segfaults with huge amount of arguments
Date: Thu, 11 Aug 2016 08:45:47 -0000 
#1308: process-execute segfaults with huge amount of arguments
-----------------------------+--------------------
  Reporter:  wasamasa        |      Owner:
      Type:  defect          |     Status:  new
  Priority:  minor           |  Milestone:  4.12.0
 Component:  core libraries  |    Version:  4.11.0
Resolution:                  |   Keywords:  posix
-----------------------------+--------------------

Comment (by LemonBoy):

 Luckily it is quite simple this time :)
 [wrt posixunix.scm, the same applies for the windows variant] The
 `setarg`/`setenv` functions will blindly set the `i`-th element of the
 given array without checking if the index is within the array boundaries;
 what happens here is a silly buffer overflow of the
 `C_exec_args`/`C_exec_env` buffers.

 PS: It's probably worth to add a NULL guard for the `malloc` in
 `C_set_arg_string`.

--
Ticket URL: <http://bugs.call-cc.org/ticket/1308#comment:2>
CHICKEN Scheme <https://www.call-cc.org/>
CHICKEN Scheme is a compiler for the Scheme programming language.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]