Message-ID: <CAF6rxgkssC8Bt6jWGcLF0OSa=L9g4ogkDRMeVnDr4xivWnhRJQ@mail.gmail.com>
Date: Sat, 27 Oct 2012 15:08:00 -0400
From: Eitan Adler <lists@...anadler.com>
To: oss-security@...ts.openwall.com
Subject: Re: Medium severity flaw with Perl 5

On 26 October 2012 04:48, Tim Brown <timb@...-dimension.org.uk> wrote:
> I recently discovered that the Perl 5 interpreter is vulnerable to memory
> corruption when large values are supplied to the x operator.
>
> After discussions with the vendor, CVE-2012-5195 was assigned to this
> vulnerability.
>
> I know Red Hat and Debian have picked it up, but I'm not sure about other
> vendors.

On FreeBSD:

on amd64: typedef __uint64_t __size_t;
on i386 I believe __size_t is __uint32_t;

Since memset takes a size_t (a typedef of __size_t), a negative number
would either be optimized out or turned into a large positive number.
As such there is no negative offset or negative jump.

And as such we are not vulnerable.

Is this correct or am I missing something?



-- 
Eitan Adler
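
The conversion discussed in this message, as an added example that is not part of the original post and is not Perl's source: a signed repeat count converted to `size_t`, next to a guarded repeat routine that validates the count and the total size before any `memset`/`memcpy`. The names `count_as_size_t` and `repeat_checked` are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What a size_t parameter (such as memset's length) receives when a signed
   count is passed straight through: the value wraps modulo SIZE_MAX + 1. */
size_t count_as_size_t(long count) { return (size_t)count; }

/* Hypothetical helper: build `unit` (unit_len bytes) repeated `count` times.
   Returns NULL with *out_len = 0 on a negative count, on size overflow,
   or on allocation failure. */
char *repeat_checked(const char *unit, size_t unit_len, long count, size_t *out_len)
{
    *out_len = 0;
    if (count < 0)
        return NULL;                       /* reject before any conversion */
    size_t n = (size_t)count;
    if (unit_len != 0 && n > (SIZE_MAX - 1) / unit_len)
        return NULL;                       /* unit_len * n + 1 would wrap */
    size_t total = unit_len * n;
    char *buf = malloc(total + 1);
    if (buf == NULL)
        return NULL;
    if (unit_len == 1)
        memset(buf, (unsigned char)unit[0], total);
    else
        for (size_t i = 0; i < n; i++)
            memcpy(buf + i * unit_len, unit, unit_len);
    buf[total] = '\0';
    *out_len = total;
    return buf;
}

int main(void)
{
    size_t len;
    printf("(size_t)-1 = %zu\n", count_as_size_t(-1));
    char *s = repeat_checked("ab", 2, 3, &len);
    printf("repeat: %s (%zu bytes)\n", s ? s : "(null)", len);
    free(s);
    printf("negative count rejected: %d\n", repeat_checked("a", 1, -1, &len) == NULL);
    return 0;
}
```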
