[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 Jilles Tjoelker changed: What|Removed |Added CC||jil...@freebsd.org --- Comment #

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 CTurt changed: What|Removed |Added Resolution|--- |Not A Bug Status|Open

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 Kubilay Kocak changed: What|Removed |Added Status|New |Open -- You are receiving this ma

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 --- Comment #3 from CTurt --- In the disassembly of `libiconv.so`, the check is performed on an `unsigned int` for some reason: `unsigned int v24; ... && v24 <= 0x41000`. I'm not sure why this is, considering the type of `ia_data

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 Kubilay Kocak changed: What|Removed |Added Keywords||needs-patch, needs-qa,

[Bug 206551] Heap overflow in iconv kernel module

2016-01-24 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 --- Comment #2 from CTurt --- It's worth noting that the minimum size which can be passed for a signed 32-bit integer is `-0x7fff`, which wraps around to `0x8001`. If on FreeBSD 9, when this size goes through `malloc` it wil

[Bug 206551] Heap overflow in iconv kernel module

2016-01-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551 CTurt changed: What|Removed |Added Summary|Integer overflow in iconv |Heap overflow in iconv |