Re: [bug-ncurses] tic Buffer Overflow

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-ncurses] tic Buffer Overflow

From:	Thomas Dickey
Subject:	Re: [bug-ncurses] tic Buffer Overflow
Date:	Fri, 24 Nov 2017 19:54:52 -0500
User-agent:	Mutt/1.5.21 (2010-09-15)

On Thu, Nov 23, 2017 at 04:34:28PM +0100, Dr. Werner Fink wrote:
> Beside this, using
> 
>   --enable-string-hacks
> 
> avoids the sprintf() based buffer overflow.

possibly (there's always bugs).

However -

        - the report didn't actually give the test-case (I'll have
          to construct one), and

        - the stack trace in the report shows that tic terminated
          due to the stack-checking built into the Debian package.

The description with the usual claims of "execute arbitrary code"
lessens the value of the report.

-- 
Thomas E. Dickey <address@hidden>
https://invisible-island.net
ftp://ftp.invisible-island.net

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

tic Buffer Overflow, Hosein Askari, 2017/11/23
- Re: tic Buffer Overflow, Thomas Dickey, 2017/11/23
  - Re: [bug-ncurses] tic Buffer Overflow, Dr. Werner Fink, 2017/11/23
    - Re: [bug-ncurses] tic Buffer Overflow, Thomas Dickey <=

Prev by Date: [PATCH 1/1] ncurses: patch to correct linker flag sequence
Next by Date: ANN: ncurses-6.0-20171125
Previous by thread: Re: [bug-ncurses] tic Buffer Overflow
Next by thread: [PATCH 1/1] ncurses: patch to correct linker flag sequence
Index(es):
- Date
- Thread