On Sat, Aug 06, 2022 at 05:12:13AM +0000, Thomas DiModica wrote: > Yes, I keep spamming this trying to find an appropriate mailing list. I don't > remember how or why I initially stumbled across this bug report > (https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1775776), but, given that > I have some familiarity with GNU bc, I decided to fix some of the issues. > Turns out, this also seems to fix the crashes reported here > (https://www.openwall.com/lists/oss-security/2018/11/28/1). I think it would > be a lot more useful to share this, as there isn't a lot to review. There are > three bug fixes and some self-defensive checks in the runtime for malformed > bytecode. Address Sanitizer tells me that these previously invalid memory > references now just leak memory. I don't appear to have broken anything in the > process, either. I'm not a member of any Debian mailing list, but I will try > to watch for responses. Please send such patches upstream.
-- WBR, wRAR
signature.asc
Description: PGP signature
