
Most_Mini_Buf can overflow

Open gavinwy opened this issue 7 months ago • 3 comments

I discovered that with the Arch Linux build of most, it can be made to buffer overflow by trying to search more than 140 or so characters. This is caught by Arch building with the _FORTIFY_SOURCE=3 glibc macro. It doesn't result in a crash without the _FORTIFY_SOURCE=3 macro, but I believe the overflow still happens when using the Makefile from upstream most; it just doesn't result in a crash in that instance.

There is discussion about this in the Arch bug tracker, where people suspect it's strcpy overflowing a Most_Mini_Buf here. There are core dumps and gdb backtraces there too.

gavinwy, Jul 03 '25 18:07
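The report above suspects an unbounded strcpy() into a fixed-size buffer, which _FORTIFY_SOURCE=3 turns into an abort. The following is an added example, not code from most or from the reporter: it shows the length check that a plain strcpy() lacks, copying a search pattern into a fixed-size buffer only when it fits and otherwise rejecting it. MINI_BUF_LEN, search_fits() and set_search_string() are hypothetical names and the buffer size is assumed; the issue does not state the real size of Most_Mini_Buf.

```c
/* Added example (not most's own code): bounded copy into a fixed-size
 * search buffer. MINI_BUF_LEN is an assumed size chosen for illustration;
 * the actual Most_Mini_Buf size is not given in the issue. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MINI_BUF_LEN 128   /* assumed, for illustration only */

/* Returns 1 if src (including its terminating NUL) fits in a buffer of
 * bufsz bytes, 0 otherwise. strnlen() stops scanning at bufsz, so an
 * over-long or unterminated src is never read past that point. */
int search_fits(const char *src, size_t bufsz)
{
    return strnlen(src, bufsz) < bufsz;
}

/* Copy src into dst, which holds bufsz bytes. Returns 0 on success and
 * -1 (leaving dst as an empty string) when src would not fit. This is
 * the check that an unbounded strcpy(dst, src) does not perform. */
int set_search_string(char *dst, size_t bufsz, const char *src)
{
    if (bufsz == 0)
        return -1;
    if (!search_fits(src, bufsz)) {
        dst[0] = '\0';
        return -1;
    }
    /* Length is already known to be < bufsz, so this copy cannot overrun. */
    memcpy(dst, src, strlen(src) + 1);
    return 0;
}

int main(void)
{
    char mini_buf[MINI_BUF_LEN];
    char long_pattern[300];           /* constructed over-long input */
    memset(long_pattern, 'A', sizeof long_pattern - 1);
    long_pattern[sizeof long_pattern - 1] = '\0';

    /* A short pattern is accepted; the over-long one is refused instead of
     * being written past the end of mini_buf. */
    printf("short pattern: %d\n", set_search_string(mini_buf, sizeof mini_buf, "needle"));
    printf("long pattern:  %d\n", set_search_string(mini_buf, sizeof mini_buf, long_pattern));
    return 0;
}
```

Rejecting the input rather than silently truncating it is a deliberate choice here: a truncated search pattern would match something other than what the user typed, whereas a refusal can be reported back to the user.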