Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250425000830.GA25158@openwall.com>
Date: Fri, 25 Apr 2025 02:08:31 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow

On Thu, Apr 24, 2025 at 09:06:26PM +0200, Jakub Wilk wrote:
> * Solar Designer <solar@...nwall.com>, 2025-04-24 20:32:
> >There appears to be a growing trend towards calling OOB reads "buffer 
> >overflows".
> 
> Part of the problem may be that AddressSanitizer uses this unforuntate 
> terminology; you get something like this:
> 
>     ==7802==ERROR: AddressSanitizer: stack-buffer-overflow on address 
>     0xf5f00021 at pc 0xf79c113e bp 0xfff496e8 sp 0xfff492c4
>     READ of size 2 at 0xf5f00021 thread T0

Yes, this may very well be the main cause of this trend.  Is someone
reading this in a position to change the wording in AddressSanitizer?
For example, it could have "stack out-of-bounds read" in place of
"stack-buffer-overflow" above.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.