[cups.bugs] [MOD] STR #3867: cups: gif reader infinite loop and heap buffer overflow
Tomas Hoger
thoger at redhat.com
Fri Jul 29 01:15:37 PDT 2011
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR Closed w/Resolution]
One thing I realized later, the crash as described above depends on stack[]
being located above the table[][]. If memory allocator places it below,
stack[] overflow can result in table[][] modification, which can break the
infinite loop, and the program may continue executing with corrupted heap.
Link: http://www.cups.org/str.php?L3867
Version: 1.4.6
Fix Version: 1.5-current (r9840)
More information about the cups
mailing list