On Wed, Mar 28, 2018 at 12:19:17AM +0200, Harald van Dijk wrote:
> 
> This introduces a buffer overread. When expmeta() sees a backslash, it
> assumes it can just skip the next character, assuming the next character is
> not a forward slash. By treating expanded backslashes as unquoted, it
> becomes possible for the next character to be the terminating '\0'.

This code has always had to deal with naked backslashes.  Can you
show me the exact pattern that results in the overread?

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe dash" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to