I found these comments from Ramon de C Valle in the Red Hat Bugzilla (2011-10-28 11:21:16 EDT):
Doug Lea's malloc stores chunks whose size is smaller than 512 bytes in one of the small bins, each of which holds identically sized chunks. The size of a chunk is always a multiple of 8 bytes, and the first small bin holds 16-byte chunks. Since the minimum allocated size is 16 bytes, it seems no data that can result in an application crash can be overwritten as a result of this.

(2011-11-15 11:30:35 EST) The Red Hat Security Response Team does not consider this to be a security issue. For additional information, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=749324#c1.

I believe this indicates that when the function is working on memory blocks from the heap, there will always be spare room and no overwriting will take place. That leaves on-stack space, which I guess is rarely used for random UTF-8 strings.

Perhaps this issue isn't really a security problem and the severity should be reduced?

--
Happy hacking
Petter Reinholdtsen
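Added example (not part of the original mail or of the bug report): a C program that measures the rounding slack glibc's malloc leaves after a small request, which is the spare room the Bugzilla comment is counting on. It assumes Linux with glibc, whose malloc_usable_size() reports how many bytes of a chunk are actually usable.

```c
#include <malloc.h>   /* malloc_usable_size(), a glibc extension */
#include <stdio.h>
#include <stdlib.h>

/* Slack left after a request of `req` bytes: the usable size of the
 * chunk minus the size that was asked for.  Returns -1 if malloc fails. */
long chunk_slack(size_t req)
{
    void *p = malloc(req);
    if (p == NULL)
        return -1;
    long slack = (long)malloc_usable_size(p) - (long)req;
    free(p);
    return slack;
}

/* Would writing `overrun` bytes past the end of a `req`-byte request
 * still land inside the chunk's usable region, i.e. in rounding slack
 * rather than on the next chunk's header?  This is only the condition
 * the Bugzilla comment relies on; it does not make the write correct. */
int overrun_stays_in_slack(size_t req, size_t overrun)
{
    long slack = chunk_slack(req);
    return slack >= 0 && (size_t)slack >= overrun;
}

int main(void)
{
    /* Constructed request sizes: tiny, just below a rounding boundary,
     * exactly on one, just above one, and a larger small-bin size. */
    size_t reqs[] = { 1, 16, 23, 24, 25, 500 };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        printf("malloc(%3zu): slack %2ld byte(s); 1-byte overrun stays in slack: %s\n",
               reqs[i], chunk_slack(reqs[i]),
               overrun_stays_in_slack(reqs[i], 1) ? "yes" : "no");
    }
    return 0;
}
```

On 64-bit glibc the smallest chunk is 32 bytes with 24 usable, so the 16-byte figure in the comment describes the 32-bit layout. Slack is an allocator detail rather than part of the malloc() contract: a write past the requested size is still out of bounds and is reported by tools such as AddressSanitizer even when it never touches chunk metadata.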