Eric Blake <ebb9 <at> byu.net> writes: > The full vulnerability is that on cygwin, any program that uses asprintf with > cygwin 1.5.22 or earlier, where the result of asprintf is a multiple of 4 but > not 8 and is greater than 1024, will corrupt the heap.
Oh, and I meant to add that one of these programs is gdb itself. I found it rather interesting trying to debug the bash coredump when the debugger itself dumped core due to the same bug. -- Eric Blake -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
