The SSL_checksum causes 1 byte to be written beyond the end of a stack-allocated buffer. See the following code:

char buf[32] ;
int i, offset = 0;

for (i=0; i<16 ; i++) {
offset += sprintf(&(buf[offset]), “%02x”, digest[i]);

I compiled strategoxt-0.17pre19210 on OS X 10.6.2 with gcc version 4.2.1 (Apple Inc. build 5646), which contains stack checking logic. The program was compiled using -m32 (due to other problems I encountered when using the default 64-bit compile).

This bug is triggered in certain situations in which str is compiling dynamic rules.

Here is a sample program which triggers it (strc exits with an abort trap signal):

module test


foo = rules(Test: “a” -> “b”)

main = if

Submitted on 8 December 2009 at 11:39

On 8 December 2009 at 11:56 Jira commented:

STR-784, rbvermaa:
This was resolved in revision 19744 by Lennart.

Log in to post comments