math: p_median: Fix for stack overflow weakness. #170

Open
wants to merge 1 commit into
base: master

Commits on Jun 20, 2015

  1. math: p_median: Fix for stack overflow weakness.

    The use of variable length arrays (VLA) without any size range checking is a security weakness that can be used to provoke a stack overflow that may lead to an arbitrary code execution vu$
    
    My proposed fix simply uses dynamic memory allocation over VLA.
    
    For more information regarding proper use of VLA, please read:
    https://www.securecoding.cert.org/confluence/display/c/ARR32-C.+Ensure+size+arguments+for+variable+length+arrays+are+in+a+valid+range
    
    Signed-off-by: Giancarlo Canales Barreto <[email protected]>
    gcanalesb committed Jun 20, 2015
    Commit 3be251d
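
The change the commit message describes, replacing an unchecked VLA with a range-checked heap allocation, shown as an added example; this is not the project's code or the patch from this pull request. The function name `median_checked`, the `MEDIAN_*` return codes and the `MEDIAN_MAX_N` limit are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MEDIAN_OK = 0, MEDIAN_EINVAL = -1, MEDIAN_ENOMEM = -2 };

/* Hypothetical upper bound on element count (an assumption, not from the PR). */
#define MEDIAN_MAX_N ((size_t)1 << 24)

static int cmp_float(const void *x, const void *y)
{
    float a = *(const float *)x, b = *(const float *)y;
    return (a > b) - (a < b);
}

/* Weak pattern: `float tmp[n];` reserves n * sizeof(float) bytes of stack with
 * no range check, and the program has no way to detect that it failed.
 * Hardened form: validate n first, then take the scratch buffer from the heap. */
int median_checked(const float *a, int n, float *out)
{
    if (a == NULL || out == NULL || n <= 0)
        return MEDIAN_EINVAL;
    size_t count = (size_t)n;
    if (count > MEDIAN_MAX_N || count > SIZE_MAX / sizeof(float))
        return MEDIAN_EINVAL;             /* size outside the valid range */

    float *tmp = malloc(count * sizeof *tmp);
    if (tmp == NULL)
        return MEDIAN_ENOMEM;             /* heap exhaustion is reportable */

    memcpy(tmp, a, count * sizeof *tmp);  /* sort a copy, leave input intact */
    qsort(tmp, count, sizeof *tmp, cmp_float);
    /* Even count: mean of the two middle values (a choice made for this example). */
    *out = (count % 2) ? tmp[count / 2]
                       : 0.5f * (tmp[count / 2 - 1] + tmp[count / 2]);
    free(tmp);
    return MEDIAN_OK;
}

int main(void)
{
    const float sample[] = {5.0f, 1.0f, 3.0f};   /* constructed input */
    float m = 0.0f;
    int rc = median_checked(sample, 3, &m);
    printf("valid n:    rc=%d median=%.1f\n", rc, m);
    printf("negative n: rc=%d\n", median_checked(sample, -1, &m));
    return 0;
}
```

The range check runs before any allocation, so an out-of-range `n` is rejected without touching memory, and an allocation failure comes back as an error code the caller can handle.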