Forum: Ruby-core segmentation fault/buffer overrun in pack.c (encodes)

Nobuyoshi Nakada (nobu)
on 2014-08-04 13:47
(Received via mailing list)
Issue #10019 has been updated by Nobuyoshi Nakada.


Tomas Hoger wrote:
> * The first byte of the SSP cookie is expected to be '\0' on e.g. recent Linux systems (https://sourceware.org/bugzilla/show_bug.cgi?id=10149). Hence off-by-one overflow with '\0' would not be detected.

`encodes()` does uuencode and mime-encode, so never writes '\0'.

----------------------------------------
Bug #10019: segmentation fault/buffer overrun in pack.c (encodes)
https://bugs.ruby-lang.org/issues/10019#change-48189

* Author: Will Wood
* Status: Feedback
* Priority: Normal
* Assignee:
* Category: core
* Target version:
* ruby -v: ruby 2.1.2p168 (2014-07-06 revision 46721) [i386-mingw32]
* Backport: 2.0.0: REQUIRED, 2.1: DONE
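
The point debated above, as an added example (not code from Ruby or from either poster): a flat-memory model of a buffer followed by a stack-protector cookie whose first byte is '\0', checked against every byte an encoder could write one past the buffer. The cookie value, buffer size and function names are constructed, and the alphabets are the standard uuencode and base64 ones, assumed rather than copied from pack.c.

```c
#include <stdio.h>
#include <string.h>

/* Standard uuencode and base64 alphabets (assumed, not copied from pack.c). */
static const char UU_ALPHABET[] =
    "`!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_";
static const char B64_ALPHABET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

enum { BUF_LEN = 8, COOKIE_LEN = 8 };

/* Constructed cookie: the byte adjacent to the buffer is the '\0' terminator. */
static const unsigned char COOKIE[COOKIE_LEN] =
    { 0x00, 0x3c, 0x91, 0xe7, 0x5a, 0x0d, 0xb2, 0x48 };

/* Model a frame as flat memory: BUF_LEN buffer bytes, then the cookie.
 * Write one byte just past the buffer and run the epilogue-style compare.
 * Returns 1 if the cookie check would fire, 0 if the write goes unnoticed. */
int off_by_one_detected(unsigned char written)
{
    unsigned char mem[BUF_LEN + COOKIE_LEN];
    memset(mem, 'A', BUF_LEN);
    memcpy(mem + BUF_LEN, COOKIE, COOKIE_LEN);
    mem[BUF_LEN] = written;                 /* the off-by-one write */
    return memcmp(mem + BUF_LEN, COOKIE, COOKIE_LEN) != 0;
}

/* Count the bytes of an encoder alphabet whose one-byte overflow is missed. */
int undetected_in(const char *alphabet)
{
    int missed = 0;
    for (size_t i = 0; i < strlen(alphabet); i++)
        if (!off_by_one_detected((unsigned char)alphabet[i]))
            missed++;
    return missed;
}

int main(void)
{
    printf("NUL write detected: %d\n", off_by_one_detected('\0'));
    printf("uuencode bytes missed: %d\n", undetected_in(UU_ALPHABET));
    printf("base64 bytes missed: %d\n", undetected_in(B64_ALPHABET));
    printf("'=' detected: %d, newline detected: %d\n",
           off_by_one_detected('='), off_by_one_detected('\n'));
    return 0;
}
```

Only the '\0' write leaves the modelled cookie intact; every alphabet byte, the '=' pad and the newline change it and would trip the check.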