On Sun, Apr 13, 2014 at 08:38:11AM -0500, Ranjan Maitra wrote:
On Sun, 13 Apr 2014 09:15:04 -0400 Rahul Sundaram <metherid(a)gmail.com> wrote:
> Hi
>
>
> On Sun, Apr 13, 2014 at 6:23 AM, Timothy Murphy wrote:
>
> > Roger wrote:
> >
> > > It happened. It was known for years.
> >
> > Everything I have seen says it has been known for about 1 week.
> >
> > Incidentally, I am no programmer but I would have thought
> > it would be relatively simple to set up a test
> > to see if a "malloc"-ed space could be transgressed.
> >
>
> Not in this case. openssl uses a custom malloc
>
So, a valgrind --tool=memcheck --leak-check=yes --show-reachable=yes
--track-fds=yes --track-origins=yes would not have helped?

AFAIU this is not a memory leak; it is a buffer overflow: lack of bounds
checking. I do not think valgrind (or any other tool) can help with
that. Feel free to correct me if I am wrong.

Cheers,
--
Suvayu
Open source is the future. It sets us free.
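
A toy illustration of the two points raised in this thread (a custom allocator and a missing bounds check), added here as an example; it is not part of the original messages and is not OpenSSL code. The pool, `echo`, `earlier_request` and the sample strings are constructed for illustration. Every read stays inside live, initialized memory owned by the pool, so a malloc-level checker has nothing to flag.

```c
#include <stddef.h>
#include <string.h>

#define SLOT 64

/* Toy pool: one slot recycled without being cleared, standing in for a
   custom allocator layered over malloc (hypothetical, not OpenSSL code). */
static unsigned char pool_slot[SLOT];
static int slot_in_use;

static unsigned char *pool_alloc(void) {
    if (slot_in_use) return NULL;
    slot_in_use = 1;
    return pool_slot;            /* previous contents are still there */
}

static void pool_free(unsigned char *p) {
    (void)p;
    slot_in_use = 0;             /* no memset and no real free() */
}

/* Echo `claimed` bytes of a request whose real payload is `actual` bytes.
   With check == 0 the claimed length is trusted (the missing bounds check). */
static int echo(const unsigned char *payload, size_t actual, size_t claimed,
                int check, unsigned char *out) {
    if (actual > SLOT || claimed > SLOT) return -1;
    if (check && claimed > actual) return -1;   /* the fix: reject the lie */
    unsigned char *buf = pool_alloc();
    if (!buf) return -1;
    memcpy(buf, payload, actual);               /* only `actual` bytes are fresh */
    memcpy(out, buf, claimed);                  /* the rest is stale pool data */
    pool_free(buf);
    return (int)claimed;
}

/* An earlier use of the same slot leaves constructed "secret" data behind. */
static void earlier_request(void) {
    unsigned char *buf = pool_alloc();
    if (!buf) return;
    memcpy(buf, "hi! key=CONSTRUCTED-SECRET", 27);
    pool_free(buf);
}

int main(void) {
    unsigned char out[SLOT];
    earlier_request();
    int n = echo((const unsigned char *)"yo", 2, 26, 0, out);
    return (n == 26 && memcmp(out + 8, "CONSTRUCTED", 11) == 0) ? 0 : 1;
}
```
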