Hello again,

On Thu, Jun 02, 2005 at 07:25:41PM +0200, Martin Schulze wrote:
> Florian Ernst wrote:
> > I believe this change wasn't aimed at preventing an integer overflow
> > at all, but rather at preventing a "malloc(0)".
> [...]
> --> superfluous crap for a security update.

Agreed.

> > This is my interpretation of this change, please hit me (hard) with a
> > cluebat if I'm wrong.
> 
> I had hoped you would have come up with a different explanation, since
> this is what I thought as well. :-%

No, sorry.


On Thu, Jun 02, 2005 at 07:57:06PM +0200, Martin Schulze wrote:
> I've looked at the patch you've provided and I must say that I believe
> that it is utterly broken with regards to the "integer overflow".  I
> don't think that I've discovered a single integer overflow that's
> been prevented.   Attached is what was left over after the investigation.
> [...]
> Please correct me if I'm wrong.
> Please run a diff against the interdiff between the stable
> package and the "fixed" packages.

Done, your attachment looks OK to me. I'm now quite unsure about the
wording of the changelog entry, though.

Thanks a lot for your investigation,
cheers,
Flo
