[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Libidn serious bug on Windows x64
From: |
Evgeny Grin |
Subject: |
Libidn serious bug on Windows x64 |
Date: |
Tue, 29 Mar 2016 12:16:58 +0300 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.1 |
Hi!
While debugging cURL on Windows x64 crash with simple run of "curl -v
http://яндекс.рф", I discovered that crash caused by calling
tld_check_lz(). Further investigations reveal pointer to size_t is cast
to pointer to long in stringprep_utf8_to_ucs4() which in invalid on
Win64. As result - very high number is stored in items_written and in
tld_get_4() dereferenced an invalid pointer.
I can't make a minimal example to illustrate it as in minimal example
initial nullifying hides the problem. Hope that invalid casting is
obvious problem.
--
Best Wishes,
Evgeny Grin
signature.asc
Description: OpenPGP digital signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Libidn serious bug on Windows x64,
Evgeny Grin <=