[Python-Dev] [Python-checkins] cpython (merge 3.2 -> default): Fix out of bounds read in long_new() for empty bytes with an explicit base.

Christian Heimes lists at cheimes.de
Wed Sep 12 18:33:35 CEST 2012


On 12.09.2012 18:14, Terry Reedy wrote:

On 9/12/2012 10:22 AM, Stefan Krah wrote:

christian.heimes <python-checkins at python.org> wrote:

Fix out of bounds read in long_new() for empty bytes with an explicit base. int(b'', somebase) calls PyLong_FromString() with char* of length 1

I don't know what happens internally, but such calls raise

ValueError: invalid literal for int() with base 16: ''

Of course, even if int() traps such calls before calling PyLong_FromString, an extension writer could goof.

Does the length 1 come from added \0?

Coverity (a static code analyzing tool) claims that some code paths may read beyond the end of data when an empty byte string and any base is given. Internally b'' is converted to a null terminated char array (PyBytes_AS_STRING() returns a null terminated char*).

My change shortcuts the execution path and immediately raises an exception for the combination of b'' and some base.

By the way, excessively long lines in checkin messages are a nuisance for reading and responding ;-).

Sorry! In the future I'll add more line breaks. :)
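
An added example, not part of this thread and not CPython's code: a hypothetical counted-buffer parser (`parse_counted` and `digit_value` are made-up names) that applies the shortcut described above, rejecting empty input before any byte of the buffer is inspected. The `0x` prefix handling is an assumption, included to show a read at index 1 that is only allowed once the length proves the byte exists.

```c
#include <stddef.h>
#include <limits.h>

/* Hypothetical helper: numeric value of one digit character, or -1. */
static int digit_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'z') return c - 'a' + 10;
    if (c >= 'A' && c <= 'Z') return c - 'A' + 10;
    return -1;
}

/* Parse buf[0..len) as an unsigned integer in `base` (2..36).
 * Returns 0 and stores the value in *out, or -1 for an invalid literal.
 * The buffer is treated as counted data: no byte at or past len is read,
 * so the result does not depend on a trailing NUL being present. */
int parse_counted(const char *buf, size_t len, int base, unsigned long *out)
{
    size_t i = 0;
    unsigned long acc = 0;

    if (base < 2 || base > 36)
        return -1;
    /* Shortcut: empty input is rejected before buf[0] or buf[1] is touched. */
    if (len == 0)
        return -1;
    /* Assumed prefix rule: index 1 is read only after len >= 2 is known. */
    if (base == 16 && len >= 2 && buf[0] == '0' &&
        (buf[1] == 'x' || buf[1] == 'X'))
        i = 2;
    if (i == len)               /* a prefix with no digits after it */
        return -1;

    for (; i < len; i++) {
        int d = digit_value((unsigned char)buf[i]);
        if (d < 0 || d >= base) /* also rejects an embedded NUL */
            return -1;
        if (acc > (ULONG_MAX - (unsigned long)d) / (unsigned long)base)
            return -1;          /* value would overflow unsigned long */
        acc = acc * (unsigned long)base + (unsigned long)d;
    }
    *out = acc;
    return 0;
}
```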


