erl_interface: potential buffer overflow in every call to an ei_decode_* function
Fri May 12 05:46:25 CEST 2006
No ei_decode_* function takes a buffer size as an argument.
Therefore, when decoding wrong data, those functions may read
past the end of the buffer.
This may be detected afterwards, by comparing the returned index
with the buffer size, but an access out of the buffer bounds may
already have provoked a segmentation fault before the decoding
function call returns.
The solution is to add a buffer size argument to every
ei_decode_* function, and to compare it with the index for every
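The fix proposed in the message above, sketched as an added example (not code from erl_interface or from the original post): decoders that take the buffer size and check it before every read. The names `bounded_decode_long`, `bounded_decode_atom` and `have` are hypothetical, the index is a `size_t` here rather than the `int` the ei functions use, and the tag values are those of the Erlang external term format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* External term format tags handled by this example. */
#define TAG_SMALL_INTEGER 97   /* 1-byte unsigned value follows */
#define TAG_INTEGER       98   /* 4-byte big-endian signed value follows */
#define TAG_ATOM          100  /* 2-byte big-endian length, then name bytes */

/* Returns 1 if n bytes can be read at index without leaving buf[0..size). */
static int have(size_t size, size_t index, size_t n) {
    return index <= size && n <= size - index;
}

/* Hypothetical bounded counterpart of an ei_decode_* integer decoder.
 * Returns 0 on success, -1 on error; *index advances only on success. */
int bounded_decode_long(const unsigned char *buf, size_t size, size_t *index, long *out) {
    size_t i = *index;
    if (!have(size, i, 1)) return -1;          /* tag byte itself must be in bounds */
    switch (buf[i++]) {
    case TAG_SMALL_INTEGER:
        if (!have(size, i, 1)) return -1;
        *out = buf[i++];
        break;
    case TAG_INTEGER:
        if (!have(size, i, 4)) return -1;
        *out = (int32_t)((uint32_t)buf[i] << 24 | (uint32_t)buf[i + 1] << 16 |
                         (uint32_t)buf[i + 2] << 8 | (uint32_t)buf[i + 3]);
        i += 4;
        break;
    default: return -1;                        /* not an integer term */
    }
    *index = i;
    return 0;
}

/* Hypothetical bounded atom decoder: the length field comes from the wire,
 * so it is checked against both the source buffer and the destination. */
int bounded_decode_atom(const unsigned char *buf, size_t size, size_t *index,
                        char *dst, size_t dst_size) {
    size_t i = *index, len;
    if (!have(size, i, 3) || buf[i] != TAG_ATOM) return -1;
    len = (size_t)buf[i + 1] << 8 | buf[i + 2];
    i += 3;
    if (!have(size, i, len) || len >= dst_size) return -1;
    memcpy(dst, buf + i, len);
    dst[len] = '\0';
    *index = i + len;
    return 0;
}
```

Because the check happens before each read, truncated or hostile input yields -1 instead of an out-of-bounds access, and the caller no longer has to compare the returned index with the buffer size after the fact.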