Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 27 Oct 2012 15:08:00 -0400
From: Eitan Adler <lists@...anadler.com>
To: oss-security@...ts.openwall.com
Subject: Re: Medium severity flaw with Perl 5

On 26 October 2012 04:48, Tim Brown <timb@...-dimension.org.uk> wrote:
> I recently discovered that Perl 5 interpreter is vulnerable to memory
> corruption when large values are supplied to the x operator.
>
> After discussions with the vendor, CVE-2012-5195 was assigned to this
> vulnerability.
>
> I know Red Hat and Debian have picked it up, but I'm not sure about other
> vendors.

On FreeBSD

on amd64: typedef __uint64_t __size_t;
on i386 I believe __size_t is __unit32_t;

Since memset takes a size_t (typedefed of __size_t) a negative number
would either be optimized out or turned into a large positive number.
As such there is no negative offset or negative jump.

and such  we are not vulnerable.

Is this correct or am I missing something?



-- 
Eitan Adler

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ