Re: [dev] [st] Reporting a Segmentation fault

From: Greg Reagle <greg.reagle_AT_umbc.edu>
Date: Fri, 20 Nov 2015 15:00:30 -0500

That's right--buf is accessed without its bounds being checked. The problem
is in ttyread(): in the while loop, buf gets overflowed, i.e. ptr - buf
exceeds BUFSIZ (8192). I haven't figured out how to remedy the problem (yet).

On 11/20/2015 01:16 PM, Martti Kühne wrote:
> I can generally reproduce this reliably using
> $ st -e cat /dev/urandom
> In what way the underflow of buflen is caused though, I have not yet
> been able to determine.
> One aspect of the problem is definitely that buflen is generally never
> range-checked.
>
> cheers!
> mar77i
>
Received on Fri Nov 20 2015 - 21:00:30 CET
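
An added illustration of the range checks this thread says are missing; it is not st's code and not a patch from either poster. The struct, the function names, the length-prefixed record format and the 16-byte capacity are all constructed for the example.

```c
#include <string.h>
#define CAP 16 /* constructed small capacity; the thread's buffer is BUFSIZ */
struct inbuf { unsigned char buf[CAP]; size_t len; }; /* invariant: len <= CAP */
typedef size_t (*decode_fn)(const unsigned char *p, size_t avail);
/* Constructed input: [length byte][payload] records; the last one is cut short. */
static const unsigned char SAMPLE[] = { 2, 'a', 'b', 1, 'c', 3, 'x' };

/* Hypothetical decoder: size of the next record, 0 if it is incomplete. */
static size_t dec_checked(const unsigned char *p, size_t avail)
{
    size_t need = (size_t)p[0] + 1;
    return need <= avail ? need : 0;
}

/* Hypothetical decoder that trusts the length byte and ignores avail. */
static size_t dec_trusting(const unsigned char *p, size_t avail)
{
    (void)avail;
    return (size_t)p[0] + 1;
}

/* Append at most the free space; returns the number of bytes accepted. */
size_t inbuf_append(struct inbuf *b, const unsigned char *src, size_t n)
{
    size_t room = CAP - b->len;
    if (n > room) n = room;
    memcpy(b->buf + b->len, src, n);
    b->len += n;
    return n;
}

/* Consume complete records, keep the partial tail. Returns the record count,
 * or -1 (state untouched) if the decoder reports more bytes than remain. */
int inbuf_drain(struct inbuf *b, decode_fn dec)
{
    unsigned char *ptr = b->buf;
    size_t left = b->len, n;
    int count = 0;
    while (left > 0 && (n = dec(ptr, left)) != 0) {
        if (n > left)
            return -1; /* without this, left -= n wraps and ptr leaves buf */
        ptr += n;
        left -= n;
        count++;
    }
    memmove(b->buf, ptr, left);
    b->len = left;
    return count;
}
```

The check inside the loop is what keeps the remaining length from wrapping when a decoder reports a size taken from the data rather than from what is actually buffered.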
