[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-hackers] [PATCH] Fix unsafe specializations in types.db

From: Peter Bex
Subject: Re: [Chicken-hackers] [PATCH] Fix unsafe specializations in types.db
Date: Thu, 10 Sep 2015 20:49:18 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

On Sun, Sep 06, 2015 at 09:07:20PM +0200, Moritz Heidkamp wrote:
> Hi everyone,
> the attached patch addresses the issue explained in
> as well as similar ones I found by
> sifting through the whole of types.db, though I can't guarantee that any
> other instances slipped my attention, of course.

Good find, that one.  Kind of scary, too!  I didn't look to hard to find
other such cases.  Poring over the list of scrutiny replacements in full
make my eyes glaze over.  Instead of waiting until someone puts in the
effort to do a complete audit, I've decided to go ahead and push your
fixes.  Would you please make an announcement & request a CVE for this?

> The only one I'm a bit unhappy about is `move-memory!' as I couldn't
> find a safe inline version of it. Does anyone have a clue whether there
> is such a thing already?

I don't think we have anything like that yet, we'd have to make one.


Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]