On Sun, Dec 28, 2003 at 11:41:49PM +0900, ts wrote:
> >>>>> "A" == Alexander Bokovoy <a.bokovoy / sam-solutions.net> writes:
> 
> A> There is definitely a bug in Syck's emitter code in current 1.8.1 branch
> A> (and in release too) which is easily reproducible on GNU/Linux systems on
> A> IA-32 when making meta-information for 'ri' using 'rdoc' against Ruby
> A> sources:
> 
>  Yes, see my message on ruby-talk. The bug is in syck_emitter_write(): it
>  just needs to have a big value for len to crash
> 
> A>     len=9362) at emitter.c:317
>         ^^^^^^^
> 
>  here is the problem (look at what it does with e->marker)
Yes, I stated the same (look at my previous email, closer to its end). The problem is
in how that code (_write/_flush) handles buffer overruns; there were attempts to
optimize it, but it is still fragile from my point of view.
-- 
/ Alexander Bokovoy
Samba Team                      http://www.samba.org/
ALT Linux Team                  http://www.altlinux.org/
Midgard Project Ry              http://www.midgard-project.org/
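
An added example, not part of the thread and not Syck's code: a minimal buffered write/flush pair that stays in bounds when `len` is larger than the buffer, the condition the thread says triggers the crash. The struct, `emitter_write`, `emitter_flush`, `BUF_SIZE` and the in-memory `sink` are hypothetical; only the field name `marker` is borrowed from the `e->marker` mentioned above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* deliberately tiny so a "big len" is easy to hit */

/* Hypothetical emitter (not Syck's struct): staging buffer plus write cursor. */
typedef struct {
    char buffer[BUF_SIZE];
    char *marker;      /* next free byte in buffer */
    char sink[256];    /* constructed stand-in for the real output handler */
    size_t sink_len;
    int error;         /* set when the sink cannot take more data */
} emitter;

void emitter_init(emitter *e) {
    e->marker = e->buffer;
    e->sink_len = 0;
    e->error = 0;
}

/* Drain buffered bytes to the sink and reset the cursor. */
void emitter_flush(emitter *e) {
    size_t used = (size_t)(e->marker - e->buffer);
    if (used > sizeof e->sink - e->sink_len) { e->error = 1; used = 0; }
    memcpy(e->sink + e->sink_len, e->buffer, used);
    e->sink_len += used;
    e->marker = e->buffer;
}

/* Copy len bytes in chunks that never exceed the room left after marker. */
int emitter_write(emitter *e, const char *str, size_t len) {
    while (len > 0 && !e->error) {
        size_t room = BUF_SIZE - (size_t)(e->marker - e->buffer);
        if (room == 0) { emitter_flush(e); continue; }
        size_t n = len < room ? len : room;
        memcpy(e->marker, str, n);  /* n <= room, so marker stays in bounds */
        e->marker += n;
        str += n;
        len -= n;
    }
    return e->error ? -1 : 0;
}

int main(void) {
    emitter e;
    emitter_init(&e);
    emitter_write(&e, "a string much longer than the buffer", 36);
    emitter_flush(&e);
    printf("%.*s\n", (int)e.sink_len, e.sink);
    return 0;
}
```

The invariant to check in any such pair is that every copy length is derived from the space remaining after the cursor, never from the caller's `len` alone.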