-
Vladimír Čunát authored
See the added comments. Such bugs are tricky, because the old code would typically work just fine, only if libuv/OS decided to postpone copying the data (perhaps large load), we would send two bytes from this address on C stack - their later value (hard to predict what). Security risks: the two bytes might theoretically contain information that was more or less private and we just send it to some DNS server (possibly over unencrypted TCP), but ATM I find it very unlikely that this bug could be practically exploited.
To find the state of this project's repository at the time of any of these versions, check out the tags.