Hi Thomas, Thomas DiModica <ricinwich@yahoo.com> writes: > Greetings, > > Yes, I keep spamming this trying to find an appropriate mailing list. I don't > remember how or why I initially stumbled across this bug report > (https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1775776), but, given that > I have some familiarity with GNU bc, I decided to fix some of the issues. > Turns out, this also seems to fix the crashes reported here > (https://www.openwall.com/lists/oss-security/2018/11/28/1). I think it would > be a lot more useful to share this, as there isn't a lot to review. There are > three bug fixes and some self-defensive checks in the runtime for malformed > bytecode. Address Sanitizer tells me that these previously invalid memory > references now just leak memory. I don't appear to have broken anything in the > process, either. I'm not a member of any Debian mailing list, but I will try > to watch for responses. > > Just trying to be somewhat helpful, I took your patch, and created a merge request on our gitlab instance: https://salsa.debian.org/debian/bc/-/merge_requests/4 The patch has been slightly modified, to make it cleanly apply -- perhaps you'd be kind enough to check that I've not broken anything: https://salsa.debian.org/philh/bc/-/blob/ricinwich/debian/patches/09_crash-fixes.diff I note that bc doesn't see much activity, so I've no idea how long it might be before this makes its way into a release of the package, but at least this way it will not simply be forgotten on the mailing-list. BTW you are welcome to create an account on salsa.debian.org if you wish to contribute directly there. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
Attachment:
signature.asc
Description: PGP signature