Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Jan 2017 12:14:05 +0100
From: Hanno Böck <>
To: OSS Security Mailinglist <>
Subject: invalid free in GNU ed before 1.14.1


ed 1.14.1 fixes an invalid free, reported here:

echo -e "H\n?\{" | ed

Found with afl. ed 1.14.1 didn't show any more issues with afl/asan

Not sure if there's any scenario where ed is used with untrusted input.

ed isn't developed in a version control system, therefore I can't link
to a commit, but the patch to fix it is this:

--- a/regex.c	2017-01-06 02:06:04.000000000 +0100
+++ b/regex.c	2017-01-09 17:09:51.000000000 +0100
@@ -135,7 +135,6 @@ static regex_t * get_compiled_regex( con
     char buf[80];
     regerror( n, exp, buf, sizeof buf );
     set_error_msg( buf );
-    free( exp );
     exp = 0;
   return exp;

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.