Date: Tue, 13 Sep 2016 21:53:03 +0200 From: Hanno Böck <hanno@...eck.de> To: Seth Arnold <seth.arnold@...onical.com> Cc: "vul@...safe" <vul@...safe.com>, oss-security@...ts.openwall.com Subject: Re: Heapoverflow in giflib5.1.4 On Tue, 13 Sep 2016 12:24:23 -0700 Seth Arnold <seth.arnold@...onical.com> wrote: > Hanno, can you still reproduce this issue? I followed your excellent > reproducer script and I don't get any ASAN warnings. If you still get > ASAN warnings this may indicate the source of the confusion. Ok, interesting: I can't reproduce it any more with my poc or the poc from bug 102 with the git code. I can however easily generate another sample that causes the same bug. See attachment. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@...eck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 Download attachment "gif2rgb-oob-new.gif" of type "image/gif" (42 bytes) Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.