New submission from Serhiy Storchaka: The first parameter of kqueue.control() is documented as an iterable. But actually it should have a length. kqueue.control() uses PyObject_Size() for allocating an array and PyObject_GetIter()+PyIter_Next() for iterating kevent objects and filling the array. If the length and the iterator are not consistent this can lead to writing past the end of the array.
---------- components: Extension Modules, FreeBSD messages: 291563 nosy: koobs, serhiy.storchaka priority: normal severity: normal status: open title: Buffer overflow in kqueue.control() type: crash versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30058> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
