James McCoy wrote:

> A few issues were reported on RedHat's bug tracker[0] which have been
> assigned CVE-2017-11109. I took an initial look at them and reduced the
> fuzzer-created scripts so they're clearer (especially for POC2).
>
> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1468492
>
> I've also attached a patch that resolves the issue for POC1. Below are
> the ASAN tracebacks for each issue, all using 8.0.0702.

I think I fixed POC1, however for POC2 and POC3 I can't really see what the problem is. Perhaps it requires ASAN, valgrind won't be sufficient?

--
In a world without fences, who needs Gates and Windows?

Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net