Hi Emilio, 2017-01-31 22:23 GMT+01:00 Bálint Réczey <[email protected]>: > Hi Emilio, > > 2017-01-31 22:14 GMT+01:00 Emilio Pozuelo Monfort <[email protected]>: >> Hi Balint, >> >> On 31/01/17 21:46, Balint Reczey wrote: >>> Log: >>> wavpack's issues don't affect wheezy >>> >>> The first part of the upstream patch is not needed since the >>> code is very different and not vulnerable. >>> The second part applies, but does not make any difference when >>> trying the exploits. Tested with valgrind on Wheezy. >> >> These issues were found with address sanitizer, so I don't think checking >> with >> valgrind is enough (it's not the same). >> >> May be worth checking with asan (it should be available in wheezy's llvm >> 3.1). > > I was able to reproduce the heap issues on sid with valgrind but i > give llvm a try, too.
Llvm 3.1 supports ASAN, but I could not find clang in the llvm-3.1 packages. What am I missing? :-) Cheers, Balint
