On Fri, Apr 13, 2018 at 7:26 AM, cabstand wrote:
> On Ubuntu 16.04 TLS I have been injecting /dev/urandom data into
> commands via bash. I consistently get heap crashes in info.
>
> It takes about 400M of regular user data to get the crash. To date I
> have not isolated the random string section that cause the crash.
>
> Simple attack example:
>
> dd if=/dev/urandom | info 2> error.txt
>
> * urandom has extra seeding
> * Ubuntu is running in Virtualbox Version 5.2.8 r121009 (Qt5.6.2) on
> Win 8.1,which is not memory constrained.
>
> Hope this helps
Thank you for the report. When I tried it the results were different
each time, but in some cases the crash happened in the "echo area"
handling code. My guess is that the code is not set up to deal with
very long input in the echo area.