On Mon, Oct 22, 2001 at 04:32:23AM +0300, Peter Pentchev wrote:
> On Sat, Oct 20, 2001 at 12:22:31PM -0700, dotslash@snosoft.com wrote:
[snip]
> > [OSXBOX:~] elguapo% gm4 %s
> > gm4: Memory bounds violation detected (SIGSEGV). Either a stack overflow
> > occurred, or there is a bug in gm4. Check for possible infinite
> > recursion.
> > Segmentation fault
>
> [CC'd to bug-gnu-utils, hopefully this is the right address; if it is
> not (GNU seems to have moved away from prep.ai), then please somebody
> notify the current m4 maintainers]
>
> Confirmed with GNU m4 1.4 on FreeBSD 4.4-STABLE as of Oct 21.
>
> The attached patch fixes the reported segfault and one other unsafe
> use of the m4 internal function error(). I have not looked at other
> functions within m4 that might use printf(3) and friends unsafely,
> so there might be other bugs lurking about.

For the record, I just committed that patch to the FreeBSD port of GNU m4.
Therefore, the devel/m4 FreeBSD port at version m4-1.4_1 as of
Mon Oct 22 02:03:10 2001 UTC is not vulnerable at least to this
particular format string attack.

And just as a side note, it seems I was wrong about GNU having moved
away from prep.ai.mit.edu. ftp.gnu.org/gnuftp.gnu.org are just aliases.
Should have known better than to speak before checking :)

G'luck,
Peter

-- 
What would this sentence be like if pi were 3?
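
Added example, not part of the original message and not taken from m4's source or the attached patch: the class of bug discussed above (a user-supplied file name reaching a printf-style error function as its format string) and the constant-format call that avoids it. The names report_error and report_open_failure, the message text and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error reporter; NOT m4's error().
 * It formats into a caller-supplied buffer so the result can be inspected.
 * The format attribute lets GCC/Clang check call sites
 * (-Wformat -Wformat-security flags a non-literal format with no arguments). */
#if defined(__GNUC__)
__attribute__((format(printf, 4, 5)))
#endif
static int report_error(char *out, size_t outsz, const char *prog,
                        const char *fmt, ...)
{
    va_list ap;
    int used = snprintf(out, outsz, "%s: ", prog);
    if (used < 0 || (size_t)used >= outsz)
        return -1;
    va_start(ap, fmt);
    int n = vsnprintf(out + used, outsz - used, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= outsz - used)
        return -1;              /* truncated message or encoding error */
    return used + n;
}

/* Report a failure to open `name`, where `name` comes from the command line. */
static int report_open_failure(char *out, size_t outsz, const char *name)
{
    /* UNSAFE (shown only as a comment): report_error(out, outsz, "m4", name);
     * a name such as "%s" is then parsed as a conversion with no matching
     * argument, which is undefined behaviour and typically a SIGSEGV.       */
    /* SAFE: the format is a constant; the untrusted name is only data.      */
    return report_error(out, outsz, "m4", "%s: cannot open file", name);
}

int main(void)
{
    char buf[128];
    const char *names[] = { "%s", "%s%s%s", "input.m4" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (report_open_failure(buf, sizeof buf, names[i]) >= 0)
            puts(buf);          /* conversions in the name print literally */
    }
    return 0;
}
```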