"Ronald F. Guilmette" <r...@tristatelogic.com> writes:
> Xin Li <delp...@delphij.net> writes:
> > For this bug, doing calloc() makes no difference.
> I would very much like to know how you reached that conclusion.

It's very simple. The exploit relies on reading past the end of the allocated buffer. Clearing the allocated buffer would not have made any difference. The problem is the size of the buffer, not its contents.

DES
-- 
Dag-Erling Smørgrav - d...@des.no
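
The point made in the message above, as an added illustration (not part of the original post and not code from the software under discussion): a zero-filled request buffer still leaks neighbouring data when the reply length is taken from the peer, and the fix is a length check. The flat `arena`, the `SECRET` value and all function names are constructed for this sketch, so the out-of-bounds read stays well-defined.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for the heap: one flat array, so a read past the
 * request buffer is well-defined here and lands in neighbouring data. */
#define REQ_CAP 8                       /* bytes allocated for the request */
#define SECRET  "SECRETKEY"             /* constructed neighbouring data */
static unsigned char arena[64];

/* Layout: [request buffer, zero-filled as calloc() would][SECRET][zeros]. */
static void setup_arena(const char *payload, size_t recv_len)
{
    memset(arena, 0, sizeof arena);
    memcpy(arena, payload, recv_len);               /* recv_len <= REQ_CAP */
    memcpy(arena + REQ_CAP, SECRET, strlen(SECRET));
}

/* Flawed echo: copies as many bytes as the peer claims to have sent. */
static size_t echo_unchecked(size_t claimed, unsigned char *out, size_t cap)
{
    if (claimed > cap) return 0;
    memcpy(out, arena, claimed);        /* runs past REQ_CAP on a large claim */
    return claimed;
}

/* Fixed echo: the claimed length must not exceed what was actually received. */
static size_t echo_checked(size_t recv_len, size_t claimed,
                           unsigned char *out, size_t cap)
{
    if (claimed > recv_len || claimed > cap) return 0;
    memcpy(out, arena, claimed);
    return claimed;
}

/* 1 if the reply to a 4-byte request with this claimed length holds SECRET. */
int reply_leaks(int use_check, size_t claimed)
{
    unsigned char out[32];
    size_t n, i, slen = strlen(SECRET);
    setup_arena("ping", 4);
    n = use_check ? echo_checked(4, claimed, out, sizeof out)
                  : echo_unchecked(claimed, out, sizeof out);
    for (i = 0; i + slen <= n; i++)
        if (memcmp(out + i, SECRET, slen) == 0) return 1;
    return 0;
}
int main(void)
{
    printf("unchecked: %d, checked: %d\n", reply_leaks(0, 32), reply_leaks(1, 32));
    return 0;
}
```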