David Lamparter

@westes yes, is there anything for me to work on regarding this PR? It's not clear to me whether I've sufficiently answered @Explorer09's questions and/or I need to do something...

I now believe this is a potential security issue in flex-generated lexers. If `yy_n_chars` is 0 (initial state) and `number_to_move` is 1 (short input), there will be both: * an...

Hi. This is fixed in PR #380, which has been open for 9 months now. There is also a possibility that this is security relevant.

This logic doesn't hold up. Anyone can run coverity on flex (e.g. as part of another larger project) and use the resulting issue list to try and find exploitable pieces....

Updated/fixed on package host.

Done, closing.

Still the same problem as before. The free path does not match the alloc path. > ``` > igmp_anysource_forward_stop > igmp_source_forward_stop > tib_sg_gm_prune > pim_ifchannel_local_membership_del > delete_on_noinfo > pim_ifchannel_delete >...

> The call stack for channel_oil used by upstream->channel_oil: > `pim_upstream_new` > `pim_channel_oil_add` >>>>>>>>>>>>>>>>>>>>> channel_oil ref_count will become 2 So… the `pim_channel_oil_del` line you're adding should be somewhere in the...

Looks good, but not 100% sure this doesn't break other things — not hitting merge before stable branch is pulled :/

The tentative answer during the call on tuesday is that this was done to work around kernel bugs with specific interface drivers. If this is the reason, I'm opposed to...