This queue is for tickets about the FCGI CPAN distribution.

Report information
The Basics
Id: 100315
Status: new
Priority: 0/
Queue: FCGI

People
Owner: Nobody in particular
Requestors: fweimer [...] redhat.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.74
Fixed in: (no value)



Subject: INT_MIN hardening for the READ method
While browsing the source code, I think I have identified a hardening opportunity: I believe the READ method in the XS file should check if offset == INT_MIN, because if it is, -offset is still negative (strictly speaking, even undefined), so the code has some strange behavior as a result. I can send you a patch if you want, but it's difficult for me to test it properly. I believe the other corner cases related to large and negative values are handled correctly, both in FCGI.xs and fcgiapp.c, but double-checking this cannot hurt. I had also identified an eval issue, but that has since been made obsolete by commit fd4e384a0d3ee82faf4be58384d5648d7eaeebd1 (which went into 0.75).
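The following is an added illustration of the INT_MIN check the ticket asks for; it is not the READ method from FCGI.xs and was not written by the reporter or the FCGI maintainers. It assumes Perl's read() convention for a negative OFFSET (count back from the end of the buffer), models that offset handling in a stand-alone helper, and shows why negating the offset before range-checking it is unsafe for exactly one value. The two's-complement wrap is computed in unsigned arithmetic so the example itself does not perform the undefined negation.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of Perl-style read() offset handling (not FCGI.xs code).
 * A negative offset counts back from the end of a buffer of length `len`.
 * Returns true and stores the absolute position on success, false when the
 * offset cannot be used. */
bool resolve_read_offset(size_t len, int offset, size_t *pos)
{
    if (offset >= 0) {
        *pos = (size_t)offset;   /* may lie past len; the caller grows the buffer */
        return true;
    }

    /* The hardening from the ticket: -INT_MIN does not fit in an int.  In C the
     * negation is undefined, and on two's-complement hardware it wraps back to
     * INT_MIN, so a check such as "if (-offset > len)" would see a negative
     * value, pass, and then compute a bogus position.  Reject it first. */
    if (offset == INT_MIN)
        return false;

    /* Now -offset is a positive int; widen to size_t before comparing so the
     * comparison is not done with mixed signedness. */
    size_t back = (size_t)(-offset);
    if (back > len)
        return false;            /* Perl would croak "Offset outside string" */
    *pos = len - back;
    return true;
}

/* Convenience wrapper used by main() and the tests: resolved position, or -1
 * when the offset is rejected. */
long resolve_or_fail(size_t len, int offset)
{
    size_t pos;
    return resolve_read_offset(len, offset, &pos) ? (long)pos : -1L;
}

/* What an unhardened "-offset" yields on two's-complement hardware, computed in
 * unsigned arithmetic (well defined) instead of signed (undefined for INT_MIN).
 * For INT_MIN the result is INT_MIN again, i.e. still negative. */
int naive_negate_wraps(int offset)
{
    unsigned int u = (unsigned int)offset;
    return (int)(0u - u);
}

int main(void)
{
    /* Constructed cases against a 10-byte buffer. */
    const int offsets[] = { 4, -3, -10, -11, INT_MIN };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        long r = resolve_or_fail(10, offsets[i]);
        if (r < 0)
            printf("offset %d: rejected\n", offsets[i]);
        else
            printf("offset %d: position %ld\n", offsets[i], r);
    }
    printf("naive -INT_MIN wraps to %d (negative: %s)\n",
           naive_negate_wraps(INT_MIN),
           naive_negate_wraps(INT_MIN) < 0 ? "yes" : "no");
    return 0;
}
```

The explicit `offset == INT_MIN` test is the whole fix; every other negative value negates to a representable positive int, which is why the reporter singles out that one corner case.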


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.