[Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms

Subject: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2012-02-06 11:41:51

• Next message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #5649: create_directories() fails with NTFS mounted volumes"
• Previous message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6331: [Boost.Test] g++ compilation error due to ambiguity between template<class Cond, class T> struct boost::enable_if and class boost::unit_test::decorator::enable_if as well as the disable_if counterparts introduced after Boost 1.48.0 (up to at least svn rev. 76217)"
• Next in thread: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"

#6528: Potential vulnerability in programs recompiled for 64-bit platforms
---------------------------------------------+------------------------------
 Reporter: econometrics@… | Owner: jsiek
     Type: Bugs | Status: new
Milestone: To Be Determined | Component: dynamic_bitset
  Version: Boost 1.38.0 | Severity: Problem
 Keywords: Vulnerability, 64-bit, overflow |
---------------------------------------------+------------------------------
 Default block size for the dynamic_bitset<> class on a 32bit platform is 4
 bytes, while on a 64bit one it is actually 8 bytes. Therefore, objects of
 dynamic_bitset<> will have different m_bits array lengths on 32- and
 64-bit platforms. It is very likely to cause an overflow on the 64-bit
 platform.

 Conclusion: any program using dynamic_bitset<>::m_bits and recompiled from
 32- to 64-bit is vulnerable.

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/6528>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.

• Next message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #5649: create_directories() fails with NTFS mounted volumes"
• Previous message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6331: [Boost.Test] g++ compilation error due to ambiguity between template<class Cond, class T> struct boost::enable_if and class boost::unit_test::decorator::enable_if as well as the disable_if counterparts introduced after Boost 1.48.0 (up to at least svn rev. 76217)"
• Next in thread: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"
• Reply: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms"

This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:08 UTC