
[vile] 64-bit crash in internal XML filter


From: Rick Sladkey
Subject: [vile] 64-bit crash in internal XML filter
Date: Fri, 18 Jun 2010 17:22:16 -0400

The 64-bit version of vile reveals a previously harmless bug in
the internal XML-filter.  The bug is that for syntactically
valid XML files, Num_tags is decremented past zero.  On the
next pass, in 32-bit the pointer arithmetic wraps around to an
incorrect but accessible address, but on 64-bit it's a bad pointer
off by many gigabytes.

diff -ru orig/vile-9.7ze/filters/xml-filt.l vile-9.7ze/filters/xml-filt.l
--- orig/vile-9.7ze/filters/xml-filt.l  2010-05-11 19:09:44.000000000 -0400
+++ vile-9.7ze/filters/xml-filt.l       2010-06-18 17:07:33.312300900 -0400
@@ -303,7 +303,8 @@
     flt_bfr_error();
 
     if (Tags != 0) {
-       while (Num_tags-- > 0) {
+       while (Num_tags > 0) {
+           --Num_tags;
            flt_error("expected tag:%s", Tags[Num_tags].name);
            free(Tags[Num_tags].name);
        }
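Review bot: the fix is correct, but the reason belongs in the commit message: with the original `while (Num_tags-- > 0)` the post-decrement still runs on the final, failing test, so the loop exits with Num_tags one below zero (wrapping to a huge value if the counter is unsigned) rather than at 0, and the replacement `while (Num_tags > 0) { --Num_tags; ... }` leaves it at exactly 0. Two checks worth doing: the hunk frees each `Tags[Num_tags].name` but shows neither `Tags` being freed nor the count being reset, so confirm the lines after this hunk handle that, and grep the filter for other `X-- > 0` loop conditions, since any of them would leave the same stale value behind.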


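The following is an added illustration, not code from vile or from the patch above. It models the two loop forms with a stand-in tag array and assumes, as the "many gigabytes" in the report suggests, that the counter is an unsigned int: the buggy form leaves the counter at UINT_MAX, and widening that index to a 64-bit size_t yields an offset tens of gigabytes past the base, whereas on a 32-bit size_t the same product wraps back to just below the base.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the filter's tag stack entry (assumed shape). */
struct tag {
    char *name;
};

/* Original loop shape: the post-decrement runs once more after the
 * test fails, so an unsigned counter (assumed) ends at UINT_MAX, not 0. */
unsigned drain_buggy(unsigned num_tags)
{
    while (num_tags-- > 0) {
        /* the real loop reports and frees Tags[num_tags] here */
    }
    return num_tags;
}

/* Patched loop shape: the decrement happens only inside the body,
 * so the counter is exactly 0 when the loop exits. */
unsigned drain_fixed(unsigned num_tags)
{
    while (num_tags > 0) {
        --num_tags;
        /* report and free Tags[num_tags] */
    }
    return num_tags;
}

/* Byte offset that Tags[index] adds to the base pointer once the index
 * is widened to size_t: wraps on a 32-bit size_t, does not on 64-bit. */
size_t index_offset_bytes(unsigned index)
{
    return (size_t)index * sizeof(struct tag);
}

int main(void)
{
    unsigned left = drain_buggy(3);
    printf("after buggy loop: %u\n", left);
    printf("Tags[%u] is %zu bytes from base (%zu GiB)\n", left,
           index_offset_bytes(left), index_offset_bytes(left) >> 30);
    printf("after fixed loop: %u\n", drain_fixed(3));
    return 0;
}
```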

