New submission from Serhiy Storchaka <storch...@gmail.com>: In unicodeobject.c and stringlib aligned addresses and sizes are used for optimization. pointer->integer and implicit integer->integer conversions may overflow or underflow on platforms with sizeof(size_t) != sizeof(void *) or sizeof(size_t) != sizeof(int). The proposed patch fixes such unsafe things in unicodeobject.c, stringlib and some other files.
There are still a few unsafe places in libffi, but in this library Py_uintptr_t nor uintptr_t are not available. ---------- components: Interpreter Core files: align_operations.patch keywords: patch messages: 163473 nosy: storchaka priority: normal severity: normal status: open title: Possible integer overflow in operations with addresses and sizes. type: security versions: Python 3.3 Added file: http://bugs.python.org/file26091/align_operations.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15144> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
