Hi, I received the following bug report about TCC. At first glance, it would seem that the return value of sizeof() is an int, when the standard says that it should be a size_t, which is unsigned (§6.5.3.4.4).
-------------------- Start of forwarded message --------------------
Subject: Bug#352202: CVE-2006-0635: Incorrect parsing of sizeof() may introduce integer overflows
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 10 Feb 2006 12:49:01 +0100

Package: tcc
Version: 0.9.23-2
Severity: grave
Tags: security
Justification: user security hole

"XFocus Security" discovered that tcc incorrectly evaluates certain sizeof() expressions, which may lead to integer overflows. Please see
http://www.securityfocus.com/archive/1/archive/1/424257/100/0/threaded
for details.

This has been assigned CVE-2006-0635, please mention it in the changelog when fixing it.

Cheers,
Moritz
-------------------- End of forwarded message --------------------

-- 
Romain Francoise <[EMAIL PROTECTED]>
http://people.debian.org/~rfrancoise/
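The following is an added example, not part of the original message or of TCC's code: a small C conformance check for the property the message refers to, that sizeof yields an unsigned size_t. The macro SIZEOF_AS_INT, the type buf_t and the function names are hypothetical; the macro only models a sizeof whose result is a signed int, so the effect on a typical length check can be compared with conforming behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a sizeof whose result is a signed int.
   A conforming compiler never behaves like this. */
#define SIZEOF_AS_INT(x) ((int)sizeof(x))

typedef char buf_t[64];   /* constructed sample buffer type */

/* Returns 1 when the compiler's own sizeof yields an unsigned type:
   1 - 2 wraps to a huge positive value in size_t, but is -1 in int. */
int sizeof_is_unsigned(void)
{
    return (sizeof(char) - 2) > 0;
}

/* Length check with conforming semantics. The cast is written out here;
   "len < sizeof(buf_t)" performs the same conversion implicitly, so a
   negative len becomes a very large size_t and is rejected. */
int accepts_conforming(int len)
{
    return (size_t)len < sizeof(buf_t);
}

/* The same check if sizeof were a signed int: the comparison is signed,
   so a negative len passes, and a later copy that converts len to size_t
   would run far past the 64-byte buffer. */
int accepts_signed_sizeof(int len)
{
    return len < SIZEOF_AS_INT(buf_t);
}

int main(void)
{
    printf("sizeof is unsigned:            %d\n", sizeof_is_unsigned());
    printf("conforming check, len = -1:    %d\n", accepts_conforming(-1));
    printf("signed-sizeof check, len = -1: %d\n", accepts_signed_sizeof(-1));
    return 0;
}
```

Building this with the compiler under test and checking that sizeof_is_unsigned() returns 1 gives a quick regression test for the signedness of sizeof.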
