[Tinycc-devel] Fwd: CVE-2006-0635: Incorrect parsing of sizeof() may int


From: Romain Francoise
Subject: [Tinycc-devel] Fwd: CVE-2006-0635: Incorrect parsing of sizeof() may introduce integer overflows
Date: Sat, 11 Feb 2006 14:29:30 +0100

Hi,

I received the following bug report about TCC.  At first glance, it
would seem that the return value of sizeof() is an int, when the
standard says that it should be a size_t, which is unsigned
(§6.5.3.4.4).

-------------------- Start of forwarded message --------------------
Subject: Bug#352202: CVE-2006-0635: Incorrect parsing of sizeof() may introduce 
integer overflows
From: Moritz Muehlenhoff <address@hidden>
To: Debian Bug Tracking System <address@hidden>
Message-ID: <address@hidden>
Date: Fri, 10 Feb 2006 12:49:01 +0100

Package: tcc
Version: 0.9.23-2
Severity: grave
Tags: security
Justification: user security hole

"XFocus Security" discovered that tcc incorrectly evaluates certain sizeof()
expressions, which may lead to integer overflows. Please see 
http://www.securityfocus.com/archive/1/archive/1/424257/100/0/threaded
for details.

This has been assigned CVE-2006-0635, please mention it in the changelog when
fixing it.

Cheers,
        Moritz

-------------------- End of forwarded message --------------------

-- 
  ,''`.
 : :' :        Romain Francoise <address@hidden>
 `. `'         http://people.debian.org/~rfrancoise/
   `-
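
The signedness difference described in this message, as an added example that is not part of the original post or of TCC's code: the same bounds check is evaluated once with the standard `size_t` result of `sizeof` and once with a cast to `int` standing in for a compiler whose `sizeof` yields `int`. `BUF_SIZE`, `packet_buf` and the function names are made up for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* The signed/unsigned comparison below is the point of the example. */
#pragma GCC diagnostic ignored "-Wsign-compare"

#define BUF_SIZE 16                 /* hypothetical buffer size */
typedef char packet_buf[BUF_SIZE];  /* hypothetical destination buffer type */

/* Standard behaviour: sizeof has type size_t, so len is converted to an
 * unsigned type for the comparison and a negative len becomes a huge value
 * that fails the bounds check. */
int accepts_with_size_t(int len)
{
    return len < sizeof(packet_buf);
}

/* Model of a compiler whose sizeof has type int (assumption: the cast stands
 * in for that behaviour). The comparison is now signed, so a negative len
 * passes the same bounds check. */
int accepts_with_int(int len)
{
    return len < (int)sizeof(packet_buf);
}

/* What a following memcpy(dst, src, len) would be asked to copy: the length
 * parameter is size_t, so a negative int wraps to a very large count. */
size_t bytes_requested(int len)
{
    return (size_t)len;
}

int main(void)
{
    int samples[] = { 8, 16, -1 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int len = samples[i];
        printf("len=%3d  size_t check: %d  int check: %d  memcpy count: %zu\n",
               len, accepts_with_size_t(len), accepts_with_int(len),
               bytes_requested(len));
    }
    return 0;
}
```

Code that relies on the unsigned comparison to reject negative lengths keeps working under a conforming compiler; an explicit `len < 0` test removes the dependence on the type of `sizeof` altogether.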



