oss-sec mailing list archives
A note about the multiple crashes in zziplib
From: Agostino Sarubbo <ago () gentoo org>
Date: Thu, 09 Feb 2017 15:02:50 +0100
Hello all, I posted several crashes about zziplib. The latest release was done ~5 years ago and the upstream bugs place seems to be dead. However, I will forward them on their website. I didn't receive any type of feedback from the maintainer so I don't know if some of them are duplicates. In any case there are problems where the same codebase was used in more places, e.g.: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-main-unzzipcat-c/ shows a null ptr at: unzzipcat.c:94 and https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-main-unzzipcat-mem-c/ shows a null ptr at: unzzipcat-mem.c:94 Both C file have the same code at line 94: printf ("%s\n", name); So, while in the past, sometimes, we saw that one 'change' in the code was able to fix more than one issue, in this case, the issue is the same but it duplicate in more '.c' file -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 09)
- Message not available
- Re: A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 14)
- Re: A note about the multiple crashes in zziplib Ian Zimmerman (Feb 14)
- Re: A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 14)
- Message not available