Re: [Chicken-hackers] [PATCH] Fix unsafe specializations in types.db


From: Peter Bex
Subject: Re: [Chicken-hackers] [PATCH] Fix unsafe specializations in types.db
Date: Thu, 10 Sep 2015 20:49:18 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

On Sun, Sep 06, 2015 at 09:07:20PM +0200, Moritz Heidkamp wrote:
> Hi everyone,
> 
> the attached patch addresses the issue explained in
> https://bugs.call-cc.org/ticket/1216 as well as similar ones I found by
> sifting through the whole of types.db, though I can't guarantee that any
> other instances slipped my attention, of course.

Good find, that one.  Kind of scary, too!  I didn't look too hard to find
other such cases.  Poring over the list of scrutiny replacements in full
makes my eyes glaze over.  Instead of waiting until someone puts in the
effort to do a complete audit, I've decided to go ahead and push your
fixes.  Would you please make an announcement & request a CVE for this?

> The only one I'm a bit unhappy about is `move-memory!' as I couldn't
> find a safe inline version of it. Does anyone have a clue whether there
> is such a thing already?

I don't think we have anything like that yet, we'd have to make one.

Cheers,
Peter

Attachment: signature.asc
Description: Digital signature

