https://sourceware.org/bugzilla/show_bug.cgi?id=33004
--- Comment #4 from Mark Wielaard <mark at klomp dot org> --- (In reply to Xudong Cao from comment #3) > Thanks for the quick fix! > I agree the files are malformed, but any out-of-bounds access caught by ASan > is still considered a memory-safety defect from the security point of view. > The early-exit patch solves that, so many thanks. It isn't a memory-safety issue, but a false positive from ASan since it cannot be triggered outside of ASan. Also we don't consider bugs on deliberately malformed files (untrustworthy inputs) by the standalone tools security issues. See https://sourceware.org/cgit/elfutils/tree/SECURITY for our security policy. -- You are receiving this mail because: You are on the CC list for the bug.
