PMC test 57 seems to work only by sheer dumb luck, and running it through Electric Fence highlights a mallocing problem.
In some of the the key_element_* functions in key.c, we have
code like this:
if(key != NULL) {
INTVAL hash = key_hash(interpreter,index);
hash = hash % NUM_BUCKETS;
memcpy(&key->keys[hash],value,sizeof(KEY_PAIR));
}
Now, what if hash > key->size?
--
To downgrade the human mind is bad theology.
- C. K. Chesterton
