[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Flex seg faults on very long lines (patch)

On Wednesday, 04 September 2002,22:00 -0500, Manoj Srivastava wrote:

> Hi,
> 	The following flex input,
> ---> flextest.lex <---                                                         
>  BOGUS   aaa[insert 3000 more a's here]aaa                                      
>  %%                                                                             
>  a { /* example */ }                                                            
>  ---> end <---                                                                  
>  causes a segfault:                                                             
>  $ flex flextest.lex                                                            
>  Segmentation fault                                                             
>  	I am told this could be a potential security issue, since
>  nmdef is an automatic variable defined inside a  function, and hence
>  lands up on the stack. 
>         The the person who discovered the flaw, Alexander Klauer
>  <Graf.Zahl@gmx.net>, created an initial patch, which has been expanded
>  to cover all other places where a fixed size buffer was initiated
>  from an unchecked yytext string. There were several other places
>  where this happened.
> 	A fixed Debian package has been uploaded to incoming
> 	manoj

Thanks for your report.

I applied the patch to the current flex tree. It required a bit of
work as the 2.5.4 codebase is rather a bit different than the current
(2.5.18) codebase.

I am in the process of preparing for an official release of flex. What
can I do to help the debian package maintainers switch over to the new



Reply to: