Hi zyx, hi all,
I've addressed the below concerns, and run-tested as I could; pity
my GCC 5.2.1 didn't find a difference with/without the patch with the option
-fsanitize=undefined, except for my diagnostic message ;-(. I used
the same test program as earlier. Please review the patch attached.
> zyx
Hi
I’ve been doing some patching over the past couple of days and have patches for
most of the CVEs.
I think the patch in r1835 fixes the case where pObj == pObj->GetParent() but I
don’t think it fixes cases where pObj == pObj->GetParent()->GetParent() or
pObj->GetParent() ==
On Thu, 2017-03-02 at 17:31 +0100, Agostino Sarubbo wrote:
>
Hi,
I tried on a couple of CVEs, using trunk at revision 1834. I chose to
behave in a non-forgiving way, but feel free to discuss those
"solutions" here, if you can think of anything better.
CVE-2017-5852 - fixed with