chicken -- buffer overrun in substring-index[-ci]

ID E7B7F2B5-177A-11E5-AD33-F8D111029E6A
Type freebsd
Reporter FreeBSD
Modified 2015-06-23T00:00:00


chicken developer Moritz Heidkamp reports:

The substring-index[-ci] procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which also returns the substring's index in case it is found.