[Chicken-users] [SECURITY] Potential buffer overrun in string-translate*

chicken-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-users] [SECURITY] Potential buffer overrun in string-translate*

From:	Peter Bex
Subject:	[Chicken-users] [SECURITY] Potential buffer overrun in string-translate*
Date:	Mon, 15 Jun 2015 08:41:15 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

Hello CHICKEN users,

Using gcc's Address Sanitizer, it was discovered that the string-translate*
procedure from the data-structures unit can scan beyond the input string's
length up to the length of the source strings in the map that's passed to
string-translate*.  This issue was fixed in master 8a46020, and it will
make its way into CHICKEN 4.10.

This bug is present in all released versions of CHICKEN.

There is no known workaround, except applying the patch posted in the
following chicken-hackers thread:
http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html

Kind regards,
The CHICKEN Team

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Chicken-users] [SECURITY] Potential buffer overrun in string-translate*, Peter Bex <=
- Re: [Chicken-users] [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*, Peter Bex, 2015/06/15

Prev by Date: Re: [Chicken-users] [Chicken-announce] CHICKEN 4.10.0 release candidate 1 available
Next by Date: [Chicken-users] SWIG support
Previous by thread: Re: [Chicken-users] [Chicken-hackers] [Proposal] Officially drop SWIG support?
Next by thread: Re: [Chicken-users] [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*
Index(es):
- Date
- Thread