Front page | perl.perl5.porters |
Postings from December 2012
On Thu, Dec 13, 2012 at 03:11:39PM -0600, Reini Urban wrote:
> Thanks, same here.
> I came to the believe that this is a false-positive, which was
> caused by adding the new use-after-return (UAR) detection feature.
>
> The disassembly at this location shows some code to check for
> use-after-return here, which looks like a compiler bug to me.
>
> http://code.google.com/p/address-sanitizer/issues/detail?id=127#c6
>
> Unfortunately we have no way yet to tell the compiler not to
> instrument this function with the new use-after-return.
Ok, so the final tally for the three new 5.14.3 critical security bugs
appears to be:
* two existed prior to 5.14.3, so weren't new; and neither are security
issues;
* one was an asan false positive.
In the light of this, could you please withdraw your recommendation for people
to stick with 5.14.2, since 5.14.3 contains a fix for a real, verified
(if somewhat unlikely) arbitrary code execution flaw?
--
A power surge on the Bridge is rapidly and correctly diagnosed as a faulty
capacitor by the highly-trained and competent engineering staff.
-- Things That Never Happen in "Star Trek" #9
Thread Previous
|
Thread Next