Dominique wrote:
> Bram Moolenaar <[email protected]> wrote:
>
> > James McCoy wrote:
> >
> >> A few issues were reported on RedHat's bug tracker[0] which have been
> >> assigned CVE-2017-11109. I took an initial look at them and reduced the
> >> fuzzer-created scripts so they're clearer (especially for POC2).
> >>
> >> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1468492
> >>
> >> I've also attached a patch that resolves the issue for POC1. Below are
> >> the ASAN tracebacks for each issue, all using 8.0.0702.
> >
> > I think I fixed POC1, however for POC2 and POC3 I can't really
> > see what the problem is. Perhaps it requires ASAN, valgrind won't be
> > sufficient?
>
> I can reproduce the errors with POC2 and POC3 with valgrind
> using:
>
> valgrind vim -u NONE -e -s -S POC2 -c ':qa!'
> valgrind vim -u NONE -e -s -S POC3 -c ':qa!'

Aha, it's apparently essential to use Ex mode.

> But if you want to use asan, both gcc and clang have had
> asan for quite a while now. All that is needed to use asan is to
> compile and link vim with -fsanitize=address and then run vim
> normally. One way is to uncomment this line in vim/src/Makefile
> to compile vim with asan:
>
> #SANITIZER_CFLAGS = -g -O0 -fsanitize=address -fno-omit-frame-pointer
>
> Anyway, asan is not needed in the cases of POC2 or POC3.
> Asan was needed for POC1, but this one has been fixed
> already.

Yep.

--
hundred-and-one symptoms of being an internet addict:
137. You decide to stay in college for an additional year or two,
just so you can have the free Internet access.
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///