chicken -- buffer overrun in substring-index[-ci]

2015-01-12T00:00:00
ID E7B7F2B5-177A-11E5-AD33-F8D111029E6A
Type freebsd
Reporter FreeBSD
Modified 2015-06-23T00:00:00

Description

chicken developer Moritz Heidkamp reports:

The substring-index[-ci] procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which also returns the substring's index in case it is found.