Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Jul 2016 09:31:04 +0200
From: Agostino Sarubbo <ago@...too.org>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: Re: paps: heap overflow when processing crafted file

On Thursday 28 July 2016 17:01:38 cve-assign@...re.org wrote:
> Also, the patch is apparently only about handling empty files,

The bug comes from the fuzzer, which did not pass an empty file.
Later, I discovered that an empty file has the same behaviour of 
the crafted.

In other words:
- The same crash happen for the empty and crafted file.
- The patch covers both cases (when the file is empty and when 
contains random data).

--
Agostino Sarubbo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ