Nobuyoshi Nakada wrote:
> `encodes()` does uuencode and mime-encode, so never writes '\0'.

Sorry, my bad - I already forgot it was '\n' that was written out of bounds, not '\0'.

thoger (Tomas Hoger)

This seems to be getting off-topic, so just a few quick notes:

* It seems -fstack-protector* (SSP) is what is referred to in the previous comment, not FORTIFY_SOURCE.
* If there is encodes()'s buff[] overflow, it corrupts encodes()'s S...

thoger (Tomas Hoger)

Nobuyoshi Nakada wrote:
> I couldn't reproduce it with that code, can you?

I can't, and I explained that the output of OpenSSL::HMAC.digest is way too short to fill or overflow buff[] in encodes(). It was added to make it possible f...

thoger (Tomas Hoger)

Will Wood wrote:
> Here's the issue. In the loop (len >= 3) you check to see if there's enough room in buff. Unfortunately if len < 3 we don't flush the buffer and then write additional bytes onto the end without checking. The chec...

thoger (Tomas Hoger)

String format directive `m` for Array `pack()` is documented as:

~~~
m | String | base64 encoded string (see RFC 2045, count is width)
  |        | (if count is 0, no line feed are added, see RFC 4648)
~~~

...

thoger (Tomas Hoger)

Nobuyoshi Nakada wrote:
> But if `tail_lf` is 1, `len` is a multiple of 3, so it can't be 3070.

`len` in `encodes()` can be anything between 1 and `len` from `pack_pack()` (which is a multiple of 3). It is possible to trigger mentio...

thoger (Tomas Hoger)