bug#11787: Potential use after free bug in coreutils 8.17

Find in this group all groups

Home Log In Sign Up FAQ

Unknown

more information…

b : bug-coreutils@gnu.org

26 June 2012 • 1:01PM -0400

bug#11787: Potential use after free bug in coreutils 8.17
by Xu Zhongxing

Google me that

REPLY TO AUTHOR

Google me that

REPLY TO GROUP

In Coreutils 8.17, csplit.c, static bool load_buffer (void)

On line 503 and 511, b is passed to free_buffer() twice. This could lead to a use-after-free bug in free_buffer(): struct line *n = l->next;, where buf->line_start is freed in the first call of free_buffer().

- Xu Zhongxing

Bookmark with:

Delicious

Digg

Facebook

StumbleUpon

Related Messages

opensubscriber is not affiliated with the authors of this message nor responsible for its content.