Maxim Sobolev wrote: > Colin Percival wrote: >> (1) The platform is i386. > [...] >> still be broken if conditions (1)-(3) apply AND the buffer extends >> beyond 4GB (i.e., there is an integer overflow in computing "data + >> len"). > > How that could be? Isn't userland address space on i386 limited by 4GB?
Exactly -- that's why I said that the remaining bug replaces SIGSEGV (since a "correct" implementation would try to read kernel memory on its way towards an address overflow) with a bogus hash. This is strictly a "call us with bogus parameters, get a bogus result" issue. Colin Percival _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
