-
-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
206 changed files
with
32,726 additions
and
13,474 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| # License | ||
|
|
||
| Copyright (c) 2018-2021 Gavin D. Howard <yzena.tech@gmail.com> | ||
| Copyright (c) 2018-2024 Gavin D. Howard <gavin@gavinhoward.com> | ||
|
|
||
| Redistribution and use in source and binary forms, with or without modification, | ||
| are permitted provided that the following conditions are met: | ||
|
|
@@ -31,7 +31,7 @@ copyrights and license: | |
| Copyright (c) 2010-2014, Salvatore Sanfilippo <antirez at gmail dot com><br> | ||
| Copyright (c) 2010-2013, Pieter Noordhuis <pcnoordhuis at gmail dot com><br> | ||
| Copyright (c) 2018 rain-1 <[email protected]><br> | ||
| Copyright (c) 2018-2021, Gavin D. Howard <yzena.tech@gmail.com> | ||
| Copyright (c) 2018-2023, Gavin D. Howard <gavin@gavinhoward.com> | ||
|
|
||
| Redistribution and use in source and binary forms, with or without modification, | ||
| are permitted provided that the following conditions are met: | ||
|
|
@@ -59,8 +59,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| The files `src/rand.c` and `include/rand.h` are under the following copyrights | ||
| and license: | ||
|
|
||
| Copyright (c) 2014-2017 Melissa O'Neill and PCG Project contributors | ||
| Copyright (c) 2018-2021 Gavin D. Howard <yzena.tech@gmail.com> | ||
| Copyright (c) 2014-2017 Melissa O'Neill and PCG Project contributors<br> | ||
| Copyright (c) 2018-2024 Gavin D. Howard <gavin@gavinhoward.com> | ||
|
|
||
| Permission is hereby granted, free of charge, to any person obtaining a copy of | ||
| this software and associated documentation files (the "Software"), to deal in | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| # Memory Bugs | ||
|
|
||
| This is a list of all of the memory bugs that were found in *released* versions | ||
| of `bc`, `dc`, or `bcl`. (Non-released commits with memory bugs do not count.) | ||
|
|
||
| I made this list for two reasons: first, so users can know what versions of | ||
| `bc`, `dc`, and `bcl` have vulnerabilities, and two, I once had a perfect record | ||
| and then found a couple, but forgot and claimed I still had a perfect record | ||
| right after, which was embarrassing. | ||
|
|
||
| This list is sorted by the first version a bug exists in, not the last it | ||
| existed in. | ||
|
|
||
| * In versions `1.1.0` until `6.2.0` (inclusive) of `bc` and `dc`, there is a | ||
| out of bounds read and write in history when pressing ctrl+r (or any other | ||
| unused letter) then inserting two characters. | ||
|
|
||
| The first version without this bug is `6.2.1`. | ||
|
|
||
| * In versions `3.0.0` until `6.0.1` (inclusive) of `bc` and `dc`, there is a | ||
| double-free on `SIGINT` when using command-line expressions with `-e` and | ||
| `-f`. This was caused by not properly ending a jump series. | ||
|
|
||
| The first version without this bug is `6.0.2`. | ||
|
|
||
| * In versions `3.0.0` until `6.7.5` (inclusive) of `bc` and `dc`, there is a | ||
| possible out-of-bounds read when there is an error flushing `stdout` on exit | ||
| because such an error would cause `bc` and `dc` to attempt to use a `jmp_buf` | ||
| when none exists. | ||
|
|
||
| The first version without this bug is `6.7.6`. | ||
|
|
||
| * In versions `5.0.0` until `6.0.4` (inclusive) of `bc`, there is an | ||
| out-of-bounds access if a non-local (non-`auto`) variable is set to a string | ||
| with `asciify()`, then the function is redefined with a use of the same | ||
| non-local variable. | ||
|
|
||
| This happened because strings were stored per-function, and the non-local | ||
| variable now had a reference to the string in the old function, which could be | ||
| at a higher index than exists in the new function. Strings are stored globally | ||
| now, and they are *not* freed once not used. | ||
|
|
||
| The first version without this bug is `6.1.0`. | ||
|
|
||
| * In versions `5.0.0` until `6.0.4` (inclusive) of `bc`, there is another | ||
| out-of-bounds access if an array is passed to the `asciify()` built-in | ||
| function as the only argument. This happened because arrays are allowed as | ||
| function arguments, which allowed them to be used as arguments to `asciify()`, | ||
| but they should not have been allowed. However, since they were, the | ||
| `asciify()` code tried to access an argument that was not there. | ||
|
|
||
| The first version without this bug is `6.1.0`. | ||
|
|
||
| * In version `6.0.0` of `bcl`, there are several uses of initialized data that | ||
| have the same root cause: I forgot to call `memset()` on the per-thread global | ||
| data. This is because the data used to be *actually* global, which meant that | ||
| it was initialized to zero by the system. This happened because I thought I | ||
| had properly hooked Valgrind into my `bcl` tests, but I had not. | ||
|
|
||
| The first version without this bug is `6.0.1`. | ||
|
|
||
| * In version `6.0.0` until `6.2.4` (inclusive) of `bcl`, there is a possible | ||
| use-after-free if `bcl_init()` fails. | ||
|
|
||
| The first version without this bug is `6.2.5`. |
Oops, something went wrong.