Security of binary_to_term ?

Bjorn Gustavsson <>
Wed Jun 27 19:48:39 CEST 2001


Pascal Brisset <> writes:

> Well this is what security is about, isn't it ? :) Actually I stumbled
> on one of those pathological cases, and I was wondering whether it was
> just a bug or whether additional checks were required anyway.
> 
> $ erl
> Erlang (BEAM) emulator version 5.0.2.4 [source]
> 
> Eshell V5.0.2.4  (abort with ^G)
> 1> binary_to_term(<<131,111,255,0,0,0>>).
> zsh: 30198 segmentation fault  ./bin/erl

This is bug. There ARE range checks in binary_to_term/1.

I don't know why there is crasch only on certain platform.
It doesn't crasch on Solaris/Sparc, but it crasches on Linux and FreeBSD.

I'll try to look into this problem next week.

/Bjorn
-- 
Björn Gustavsson            Ericsson Utvecklings AB
      ÄT2/UAB/F/P
			    BOX 1505
+46 8 727 56 87 	    125 25 Älvsjö



More information about the erlang-questions mailing list