http://bugs.busybox.net/view.php?id=4664
./ping6 -
accesses invalid memory
First, it calls ping6_main(argc=2, argv={"ping6", "-", 0}):
int ping6_main(int argc, char **argv)
{
argv[0] = (char*)"-6";
return ping_main(argc + 1, argv - 1);
}
ping_main then calls getopt32(argv, ...) which illegally dereferences
argv[0], that is, the old argv[-1], on line getopt32.c:347:
346: argc = 0;
347: while (argv[argc])
348: argc++;
Thanks,
Cristian
_______________________________________________
busybox mailing list
[email protected]
http://busybox.net/cgi-bin/mailman/listinfo/busybox
