Patches item #1428655, was opened at 2006-02-09 22:35
Message generated for change (Comment added) made by loewis
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1428655&group_id=5470

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Core (C code)
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Wummel (calvin)
Assigned to: Nobody/Anonymous (nobody)
Summary: Use snprintf for static buffers

Initial Comment:
Hi,

there are some uses of sprintf in the Python C code. Unfortunately sprintf is known to cause buffer overruns. To prevent this I have written a patch that replaces sprintf with snprintf. To be on the safe side (and since I don't know much of the C code internals) I only changed static buffers, where the sizeof() operator is known to work.

The patch is against SVN 42293, and tested on an i386 Debian Linux system.

----------------------------------------------------------------------

>Comment By: Martin v. Löwis (loewis)
Date: 2006-02-10 20:51

Message:
Logged In: YES
user_id=21627

The patch has several problems:
1. It is unnecessary. The print calls actually *cannot* cause buffer overruns, because in all cases, the buffers are large enough.
2. The insertion of a trailing null-byte is unnecessary: snprintf will already add that byte, even if it runs out of space.

The first argument could be discarded, since using snprintf can be considered as improving maintainability; point 2 actually decreases maintainability.

----------------------------------------------------------------------
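
Added example, not part of the tracker thread or of the submitted patch: a small C program that checks the terminator behaviour discussed in point 2 and shows truncation being detected through the return value instead. It assumes a C99-conforming snprintf/vsnprintf; `fmt_checked` and `truncation_is_terminated` are hypothetical names, and the buffer size and strings are constructed.

```c
/* Added illustration; names, sizes and strings are constructed. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format into a fixed-size buffer.
 * Returns 0 if the whole result fit, -1 on truncation or error.
 * C99 vsnprintf returns the length the full output would have had. */
static int fmt_checked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) {              /* encoding error: leave an empty string */
        buf[0] = '\0';
        return -1;
    }
    return ((size_t)n >= size) ? -1 : 0;
}

/* Returns 1 if a truncating snprintf call terminated the buffer itself,
 * with no manual buf[sizeof(buf) - 1] = '\0' afterwards. */
static int truncation_is_terminated(void)
{
    char buf[8];
    int n;

    memset(buf, 'X', sizeof(buf));   /* sentinel: no NUL anywhere yet */
    n = snprintf(buf, sizeof(buf), "%s-%d", "interpreter", 42293);
    return n == 17 && buf[sizeof(buf) - 1] == '\0' && strcmp(buf, "interpr") == 0;
}

int main(void)
{
    char buf[8];

    printf("terminated on truncation: %d\n", truncation_is_terminated());
    printf("fits: %d\n", fmt_checked(buf, sizeof(buf), "%d", 42293));
    printf("truncated: %d (\"%s\")\n",
           fmt_checked(buf, sizeof(buf), "%s", "interpreter"), buf);
    return 0;
}
```

Silent truncation is the remaining failure mode once the overrun is ruled out, so callers that care about the full string should act on the -1 result.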
