Message 58560 - Python tracker (original) (raw)

Message58560

Author	gvanrossum
Recipients	donmez, gvanrossum
Date	2007-12-13.19:06:58
SpamBayes Score	0.07315752
Marked as misclassified	No
Message-id	1197572819.29.0.0315098150692.issue1608@psf.upfronthosting.co.za
In-reply-to

Content
Actually, looking at the sample code and the string_expandtabs() implementation it's clear what happened: the test for overflow on line 3318 or 3331 or 3339 must have been optimized out by GCC. This is very inconvenient because lots of buffer overflow protection uses similar code; this means that code that has been audited and fixed in the past will again be vulnerable after compilation by GCC 4.3. I'm going to ask Martin von Loewis to give an opinion on this. Thanks for bringing this up!

Content

Actually, looking at the sample code and the string_expandtabs() implementation it's clear what happened: the test for overflow on line 3318 or 3331 or 3339 must have been optimized out by GCC. This is very inconvenient because lots of buffer overflow protection uses similar code; this means that code that has been audited and fixed in the past will again be vulnerable after compilation by GCC 4.3. I'm going to ask Martin von Loewis to give an opinion on this. Thanks for bringing this up!

History
Date	User	Action	Args
2007-12-13 19:06:59	gvanrossum	set	spambayes_score: 0.0731575 -> 0.07315752recipients: + gvanrossum, donmez
2007-12-13 19:06:59	gvanrossum	set	spambayes_score: 0.0731575 -> 0.0731575messageid: 1197572819.29.0.0315098150692.issue1608@psf.upfronthosting.co.za
2007-12-13 19:06:59	gvanrossum	link	issue1608 messages
2007-12-13 19:06:58	gvanrossum	create