Date: Thu, 12 Jan 2017 12:14:05 +0100
From: Hanno Böck
To: OSS Security Mailinglist
Subject: invalid free in GNU ed before 1.14.1


ed 1.14.1 fixes an invalid free, reported here:

echo -e "H\n?\{" | ed

Found with afl. ed 1.14.1 didn't show any more issues with afl/asan.

Not sure if there's any scenario where ed is used with untrusted input.

ed isn't developed in a version control system, therefore I can't link
to a commit, but the patch to fix it is this:

--- a/regex.c	2017-01-06 02:06:04.000000000 +0100
+++ b/regex.c	2017-01-09 17:09:51.000000000 +0100
@@ -135,7 +135,6 @@ static regex_t * get_compiled_regex( con
     char buf[80];
     regerror( n, exp, buf, sizeof buf );
     set_error_msg( buf );
-    free( exp );
     exp = 0;
   return exp;
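
Review bot: with `free( exp );` gone, the error branch after `set_error_msg( buf );` only sets `exp = 0;`, and nothing in the visible lines says where exp's storage comes from or who releases it. A one-line comment above `exp = 0;` stating why exp must not be freed at this point would keep the call from being reintroduced later, and it is worth confirming that this path does not now leak if exp can ever be heap-allocated. The reproducer from the message (`H` followed by `?\{` on stdin) would make a good regression test, run under ASan.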

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
