[Bug 1162655] CVE-2014-8737 binutils: directory traversal vulnerability

bugzilla at redhat.com bugzilla at redhat.com
Fri Oct 16 15:08:06 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1162655



--- Comment #22 from Nick Clifton <nickc at redhat.com> ---
Created attachment 1083729
  --> https://bugzilla.redhat.com/attachment.cgi?id=1083729&action=edit
Remove resource leak from binutils-th1162655.patch

Note - the patch for this BZ inadvertently introduced a resource leak into the
binutils sources.  This leak is detected by the covscan tool.

What can happen is that a buffer of 8192 bytes is allocated but not freed. 
This only happens when an illegal archive is being processed, and in this case
the program will exit very shortly afterwards.  So the resource will not
prevent the proper functioning of the program on valid archives, and it will
not prevent the program from reporting and exiting (cleanly) on invalid
archives.

Since this problem has been detected so late in the 7.2 release process, a fix
for it is being delayed until 7.3.  The update to fix the patch is uploaded
here.

Cheers
  Nick
