-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to Jim Meyering on 5/8/2008 1:10 PM: | | However, given too long a string of digits, "Number" overflows. | Considering the rigorous parsing elsewhere in that file, I think | this must be accidental.
Accidental, but not unnoticed, and hopefully not severe. I spotted the same issue a couple of years ago when I first started patching m4, but as I haven't spotted any security holes so far in using a truncated value, it hasn't been my highest priority. But now that you mention it, I'll probably tighten up the check, and reject frozen files the moment an integer overflows, rather than proceeding on indefinitely with the truncated value (most likely to reject the file later when the rest of the parse is out of sync). - -- Don't work too hard, make some time for fun as well! Eric Blake [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgjV+cACgkQ84KuGfSFAYBwmwCglEdS8Gu6ttY1ruJSOQitaBmE Y6EAmgJTg7SMKW1leY3pJoDFxtjERwFs =XdN3 -----END PGP SIGNATURE-----
