oss-sec mailing list archives
invalid free in GNU ed before 1.14.1
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 12 Jan 2017 12:14:05 +0100
Hi,

ed 1.14.1 fixes an invalid free, reported here:
https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html

Reproducer:
echo -e "H\n?\{" | ed

Found with afl. ed 1.14.1 didn't show any more issues with afl/asan fuzzing.

Not sure if there's any scenario where ed is used with untrusted input.

ed isn't developed in a version control system, therefore I can't link to a commit, but the patch to fix it is this:

--- a/regex.c 2017-01-06 02:06:04.000000000 +0100 +++ b/regex.c 2017-01-09 17:09:51.000000000 +0100 @@ -135,7 +135,6 @@ static regex_t * get_compiled_regex( con char buf[80]; regerror( n, exp, buf, sizeof buf ); set_error_msg( buf ); - free( exp ); exp = 0; } return exp;

--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
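Review bot: in the error branch of get_compiled_regex() (regex.c, around line 138), `exp = 0;` now drops the pointer without releasing it, and the hunk does not show where `exp` is declared or allocated. It is therefore not visible from the patch whether `exp` refers to storage that must never be passed to free(), or to heap memory that would now leak on every regex that fails to compile. A one-line comment above `exp = 0;` stating who owns the object would settle this for the next reader. It is also worth confirming that no other path frees the same object after this function returns a null pointer, since callers only see the `return exp;` result.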