[Bug libdw/26773] sleb128 values near INT64_MAX/MIN not correctly read

jistone at redhat dot com sourceware-bugzilla@sourceware.org
Thu Oct 22 23:46:57 GMT 2020


https://sourceware.org/bugzilla/show_bug.cgi?id=26773

Josh Stone <jistone at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jistone at redhat dot com

--- Comment #2 from Josh Stone <jistone at redhat dot com> ---
(In reply to Tom Tromey from comment #1)
> This limits the number of bytes read-- but it seems like
> it maybe ought to read until the first byte without the
> high bit set.

Beware, golang just dealt with a CVE for reading unlimited varints:
https://github.com/golang/go/issues/40618

(But the context is different since that's used in stuff like protocol buffers
that may be streamed.)

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the Elfutils-devel mailing list