--On Wednesday, January 27, 2016 4:40 PM +0100 Mark Martinec
<mark.martinec+ama...@ijs.si> wrote:
The change log to Convert::UUlib 1.50 shows:
Revision history for Perl extension Convert::UUlib.
1.5 Sat Jul 11 03:56:06 CEST 2015
- fix a heap overflow (testcase by Krzysztof WojtaĆ).
- on systems that support it (posix + mmap + map_anonymous),
allocate all dynamic areas via mmap and put four guard
pages around them, to catch similar heap overflows
safely in the future.
- find a safer way to pass in CC/CFLAGS to uulib.
- added stability canary support.
The extra protection (guard pages) is probably what is
causing your crashes: previously some heap overflow could
cause corruption and havoc without necessarily being noticed,
bringing down a process. If I understand the changelog
correctly, the new guard pages make it possible to detect
some runaway memory access in uulib and terminate the process
if this occurs, instead of letting a corruption spread.
This is a good step in guarding against security exploits:
better crash than let a leak be exploitable. Unfortunately
the violation cannot be contained, which affects apparent
stability.
Great, thanks Mark!
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration