New submission from Steve Fink: When attempting to run |hg chistedit|, which uses the python curses module, I am getting *** stack smashing detected ***: /usr/bin/python terminated
The problem is in PyCursesWindow_Box in _cursesmodule.c: if (!PyArg_ParseTuple(args,"ll;vertint,horint", &ch1, &ch2)) return NULL; ch1 and ch2 are of type 'chtype', which is a 4-byte integer on my platform. (I am on a fresh install of Fedora 24 x86_64.) The format string 'l' is writing 8 bytes. It is hard to fit 8 bytes into a 4 byte variable. I scanned through the rest of the file. Most places are very careful about this; if needed, they'll parse into a 'long' temporary and then assign. But here's another one in PyCurses_UngetMouse: MEVENT event; PyCursesInitialised; if (!PyArg_ParseTuple(args, "hiiil", &event.id, &event.x, &event.y, &event.z, (int *) &event.bstate)) return NULL; event.bstate is of type mmask_t, which is also 4 bytes. I did not find any more in that file. % rpm -q python-libs python-libs-2.7.12-1.fc24.x86_64 ---------- components: Library (Lib) messages: 271796 nosy: Steve Fink priority: normal severity: normal status: open title: "stack smashing detected" in PyCursesWindow_Box type: crash versions: Python 2.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27666> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com