This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hi Maciej, Hi Michal,
$ wget http://lcamtuf.coredump.cx/strings-bfd-badptr2
FYI, this test case has now been fixed.
In any case: the bottom line is that if you are used to running strings on random files, or depend on any libbfd-based tools for forensic purposes, you should probably change your habits. For strings specifically, invoking it with the -a parameter seems to inhibit the use of libbfd. Distro vendors may want to consider making the -a mode default, too.
There are also alternatives to the GNU Binutils strings program. eu-strings for example, or even "od -S 4".
It is true however that there are still vulnerabilities in libbfd, and I for one would happy to see new bug reports exposing them. I can assure you that any such bug report reaching me will be treated seriously, and will be investigated and fixed as soon as possible.
Cheers Nick
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |