On Wed, Aug 29, 2018 at 05:20:25PM -0400, Jeff King wrote:
> Nice catch. The patch looks good to me, but just to lay out my thought
> process looking for other related problems:
>
> We have two types of instructions:
>
> 1. Take N bytes from position P within the source.
>
> 2. Take the
On Wed, Aug 29, 2018 at 10:58:55PM +0200, Jann Horn wrote:
> If `cmd` is in the range [0x01,0x7f] and `cmd > top-data`, the
> `memcpy(out, data, cmd)` can copy out-of-bounds data from after `delta_buf`
> into `dst_buf`.
>
> This is not an exploitable bug because triggering the bug increments the
2 matches
Mail list logo