[Bug 342158] New: Emacs buffer overflow
https://bugzilla.novell.com/show_bug.cgi?id=342158

Summary: Emacs buffer overflow
Product: openSUSE 10.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: schwab@novell.com
QAContact: qa@suse.de
Found By: ---

$ emacs -batch -eval '(format "%.100d" 1)'
Fatal error (6)Aborted

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=342158#c1

--- Comment #1 from Andreas Schwab <schwab@novell.com> 2007-11-16 03:43:54 MST ---
Created an attachment (id=183665)
 --> (https://bugzilla.novell.com/attachment.cgi?id=183665)
Patch

https://bugzilla.novell.com/show_bug.cgi?id=342158#c2

--- Comment #2 from Thomas Biege <thomas@novell.com> 2007-11-16 04:15:51 MST ---
Does it just trigger an abort(3)?

https://bugzilla.novell.com/show_bug.cgi?id=342158#c3

--- Comment #3 from Andreas Schwab <schwab@novell.com> 2007-11-16 05:18:12 MST ---
The abort is just the symptom.

https://bugzilla.novell.com/show_bug.cgi?id=342158#c5

--- Comment #5 from Thomas Biege <thomas@novell.com> 2007-11-16 06:39:36 MST ---
I am unable to read this huge function with nested loops.
Do you think this bug is exploitable somehow?

https://bugzilla.novell.com/show_bug.cgi?id=342158#c6

--- Comment #6 from Andreas Schwab <schwab@novell.com> 2007-11-16 06:53:33 MST ---
There are just two loops over the format string, nothing complicated. The abort is of course after the fact.

$ emacs -batch -eval '(format "%.1000d" 1)'
Fatal error (11)Segmentation fault

https://bugzilla.novell.com/show_bug.cgi?id=342158

Thomas Biege <thomas@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Emacs buffer overflow       |VUL-0: Emacs buffer overflow

https://bugzilla.novell.com/show_bug.cgi?id=342158

Marcus Meissner <meissner@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Group|novellonly                  |
                 CC|                            |meissner@novell.com
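
The failure mode discussed in this thread, as an added illustration in C that is not Emacs's code and not the attached patch: a formatter that sizes its output from a fixed per-integer estimate is overrun once the precision in a directive such as "%.100d" exceeds that estimate, while measuring the conversion first keeps the write in bounds. All function names, NAIVE_INT_SIZE and MAX_PRECISION are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical values for this illustration, not taken from Emacs. */
#define NAIVE_INT_SIZE 30   /* fixed per-integer estimate that ignores precision */
#define MAX_PRECISION 4096  /* assumed upper bound a caller is willing to accept */

/* Bytes that "%.<precision>ld" needs for value, including the NUL. 0 on error. */
size_t needed_size(int precision, long value)
{
    int n = snprintf(NULL, 0, "%.*ld", precision, value);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* 1 if a buffer of NAIVE_INT_SIZE bytes would be overrun by this conversion. */
int naive_estimate_overflows(int precision, long value)
{
    return needed_size(precision, value) > NAIVE_INT_SIZE;
}

/* Hardened path: bound the precision, measure, allocate, then format with a
   length-checked write. Returns a malloc'd string or NULL; caller frees. */
char *format_int(int precision, long value)
{
    size_t size;
    char *buf;
    if (precision < 0 || precision > MAX_PRECISION)
        return NULL;
    size = needed_size(precision, value);
    if (size == 0 || (buf = malloc(size)) == NULL)
        return NULL;
    if (snprintf(buf, size, "%.*ld", precision, value) != (int)(size - 1)) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    int p[] = { 5, 100, 1000 };  /* 100 and 1000 are the precisions from the thread */
    for (size_t i = 0; i < sizeof p / sizeof p[0]; i++)
        printf("precision %4d: needs %4zu bytes, naive overrun: %s\n", p[i],
               needed_size(p[i], 1), naive_estimate_overflows(p[i], 1) ? "yes" : "no");
    return 0;
}
```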