Slashdot Mirror


33-Year-Old Unix Bug Fixed In OpenBSD

Ste sends along the cheery little story of Otto Moerbeek, one of the OpenBSD developers, who recently found and fixed a 33-year-old buffer overflow bug in Yacc. "But if the stack is at maximum size, this will overflow if an entry on the stack is larger than the 16 bytes leeway my malloc allows. In the case of C++ it is 24 bytes, so a SEGV occurred. Funny thing is that I traced this back to Sixth Edition UNIX, released in 1975."
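The overflow Moerbeek describes, as an added example that is not yacc's or OpenBSD's code: a constructed byte stack models the allocator's 16-byte leeway as canary-filled slack, classifies a push by whether it fits, lands silently in that slack, or runs past it (the 24-byte C++ case), and shows the fix of checking and growing before the write. SLACK, CANARY, the struct and every function name here are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of the bug class in the story, not yacc's code. The
 * allocator is assumed to leave SLACK spare bytes after a block (the story's
 * 16-byte leeway), so a push that spills into them corrupts nothing visible
 * and the bug stays latent; filling them with CANARY makes the spill detectable. */
#define SLACK  16
#define CANARY 0xA5

struct stack {
    unsigned char *buf;  /* cap + SLACK bytes; the slack holds CANARY */
    size_t cap, used;    /* bytes requested / bytes in use */
};

/* Outcome of pushing `entry` bytes with the stack at `used` of `cap`:
 * 0 fits, 1 silently lands in slack, 2 runs past it (the yacc crash). */
static int push_outcome(size_t cap, size_t used, size_t entry) {
    if (used + entry <= cap) return 0;
    return used + entry <= cap + SLACK ? 1 : 2;
}

static int stack_init(struct stack *s, size_t cap) {
    if ((s->buf = malloc(cap + SLACK)) == NULL) return -1;
    memset(s->buf + cap, CANARY, SLACK);
    s->cap = cap; s->used = 0;
    return 0;
}

/* Fixed push: check and grow BEFORE writing, so nothing ever lands past
 * cap no matter what the allocator happens to leave behind the block. */
static int push_checked(struct stack *s, const void *entry, size_t n) {
    if (s->used + n > s->cap) {
        size_t ncap = 2 * s->cap > s->used + n ? 2 * s->cap : s->used + n;
        unsigned char *nb = realloc(s->buf, ncap + SLACK);
        if (nb == NULL) return -1;
        memset(nb + ncap, CANARY, SLACK);
        s->buf = nb; s->cap = ncap;
    }
    memcpy(s->buf + s->used, entry, n);
    s->used += n;
    return 0;
}

/* 1 if no write has reached the slack bytes, 0 if one has. */
static int slack_intact(const struct stack *s) {
    for (size_t i = 0; i < SLACK; i++)
        if (s->buf[s->cap + i] != CANARY) return 0;
    return 1;
}
```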

2 of 162 comments

  1. Re:Was it really a bug back then? by QuantumG · Score: 5, Insightful

    If you overflow a buffer then it's a bug, whether it is exploitable or not.

    --
    How we know is more important than what we know.
  2. Re:bad omen by incripshin · Score: 3, Insightful

    Well, they're not checking yacc for bugs for the hell of it. They're reimplementing malloc to be more efficient, but it broke buggy code. Is there any other option than to fix yacc?