On Sun, Dec 14, 2014 at 11:41:34PM +0100, Moritz Heidkamp wrote: > Dear Chickeneers, > > the attached patch fixes a potential buffer overrun in > substring-index[-ci] I ran into today (pun intended). See commit message > for details. I included a regression test but I'm not sure whether it's > ideal because it adds a dependency on object-evict to the > data-structures tests. Alternative ideas welcome. While I was at it I > also added a range check for the start index argument and got rid of the > square brackets :-)
Thanks for the patch, Moritz! I've removed the test, as we discussed on IRC it's not very clear that this is guaranteed to exercise the bug and we removed object-evict from CHICKEN 5 anyway. I've also added a NEWS entry under "security", as this is newsworthy. I've pushed this to master and chicken-5. > I guess this might warrant a CVE? I think so. Could you please make an announcement and request one? Cheers, Peter -- http://www.more-magic.net _______________________________________________ Chicken-hackers mailing list Chicken-hackers@nongnu.org https://lists.nongnu.org/mailman/listinfo/chicken-hackers