chicken -- Potential buffer overrun in string-translate*

ID 0DA404AD-1891-11E5-A1CF-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2015-07-31T00:00:00


chicken developer Peter Bex reports:

Using gcc's Address Sanitizer, it was discovered that the string-translate procedure from the data-structures unit can scan beyond the input string's length up to the length of the source strings in the map that's passed to string-translate. This issue was fixed in master 8a46020, and it will make its way into CHICKEN 4.10. This bug is present in all released versions of CHICKEN.