Re: Flex seg faults on very long lines (patch)
On Wednesday, 04 September 2002, 22:00 -0500, Manoj Srivastava wrote:
> Hi,
>
> The following flex input,
>
> ---> flextest.lex <---
> BOGUS aaa[insert 3000 more a's here]aaa
> %%
> a { /* example */ }
> ---> end <---
>
>
> causes a segfault:
>
> $ flex flextest.lex
> Segmentation fault
>
> I am told this could be a potential security issue, since
> nmdef is an automatic variable defined inside a function, and hence
> lands up on the stack.
>
> The person who discovered the flaw, Alexander Klauer
> <Graf.Zahl@gmx.net>, created an initial patch, which has been expanded
> to cover all other places where a fixed size buffer was initiated
> from an unchecked yytext string. There were several other places
> where this happened.
>
> A fixed Debian package has been uploaded to incoming
>
> manoj
Thanks for your report.
I applied the patch to the current flex tree. It required a bit of
work as the 2.5.4 codebase is rather a bit different than the current
(2.5.18) codebase.
I am in the process of preparing for an official release of flex. What
can I do to help the Debian package maintainers switch over to the new
flex?
Thanks,
--Will
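
The class of fix described in the report (checking a token's length before copying it into a fixed-size automatic buffer), as an added example that is neither flex source nor the patch discussed in this thread. `NAME_BUF`, `copy_token` and `try_definition` are hypothetical names, and the buffer size is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 2048   /* assumed fixed buffer size, not flex's actual value */

/* Unchecked pattern described in the report (shown for contrast, never called):
 *     char nmdef[NAME_BUF];
 *     strcpy(nmdef, yytext);     // writes past nmdef when yytext is longer
 */

/* Hypothetical helper: copy a scanner token into a fixed-size buffer.
 * Returns 0 on success, -1 if the token plus its NUL does not fit. On
 * failure dst is left empty so callers never see a truncated value. */
int copy_token(char *dst, size_t dst_size, const char *token)
{
    size_t len;

    if (dst == NULL || dst_size == 0 || token == NULL)
        return -1;
    len = strlen(token);
    if (len >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, token, len + 1);   /* len + 1 includes the terminator */
    return 0;
}

/* Constructed driver: builds a run of n 'a' characters, like the
 * flextest.lex input above, and reports whether it was accepted. */
int try_definition(size_t n)
{
    static char token[8192];
    char nmdef[NAME_BUF];          /* automatic, as in the report */

    if (n >= sizeof token)
        return -1;
    memset(token, 'a', n);
    token[n] = '\0';
    return copy_token(nmdef, sizeof nmdef, token);
}

int main(void)
{
    printf("3 chars:    %d\n", try_definition(3));
    printf("2047 chars: %d\n", try_definition(2047));
    printf("3006 chars: %d\n", try_definition(3006));
    return 0;
}
```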