On Tue, 14 Jun 2022 18:24:54 +0200
Denys Vlasenko <[email protected]> wrote:

> On Tue, Jun 14, 2022 at 8:55 AM Natanael Copa <[email protected]> wrote:
> > Hi!
> >
> > Is there anything else I can do to help fix CVE-2022-30065? I have
> > created a testcase for the testsuite and proposed a fix, but I'm not
> > that familiar with awk code so I would appreciate some help with this
> > before pushing it to thousands (millions?) of users.  
> 
> cd testsuite && ./runtest awk
> 
> fails a lot with this change.

Indeed, sorry! I thought I ran it locally but I must have done something wrong 
when running them here.

Need to go back to the drawing board...

Valgrind also shows that those (at least one of those) do not touch
memory they shouldn't. Maybe we should set it to null together with free?

The comment says:
>  //TODO: L.v may be invalid now, set L.v to NULL to catch bugs?
But apparently L.v is not always invalid. How do we know when it is invalid and 
when it is not?

Other ideas how to fix this?

-nc
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
