Created attachment 1018631 [details] fix for memory access issue I had an invalid memory access in gnutls, and I traced it back to libidn. That could result to a crash to programs using libidn to parse untrusted input. A fix is attached. Reported upstream: http://permalink.gmane.org/gmane.comp.gnu.libidn.general/573
This seems to be a duplicate of bug #1197796 (CVE-2015-2059). libidn expects the string to be valid utf8. The question is what should happen if it's not. *** This bug has been marked as a duplicate of bug 1197796 ***
(In reply to Miroslav Lichvar from comment #1) > This seems to be a duplicate of bug #1197796 (CVE-2015-2059). libidn expects > the string to be valid utf8. The question is what should happen if it's not. I think it is obvious that it should not crash.
Here is (old) upstream discussion: http://thread.gmane.org/gmane.comp.gnu.libidn.general/555