New submission from Alex <[email protected]>:
In Objects/stringlib/fastsearch.h the lines:
if (!STRINGLIB_BLOOM(mask, s[i-1]))
and
if (!STRINGLIB_BLOOM(mask, s[i-1]))
can read beyond the front of the array that is passed to it when the loop
enters with i = 0.
I originally noticed this when porting the algorithm to PyPy (which has bounds
checking :)), all tests pass if I simply add `if i-1 >= 0` before the
conditional. This doesn't appear to actually cause the algorithm to ever
break, but it is unsafe.
----------
messages: 104149
nosy: alex
severity: normal
status: open
title: Stringlib fastsearch can read beyond the front of an array
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue8530>
_______________________________________
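
Added example, not part of the original report and not CPython's code: a simplified C model of the reverse-search loop in which the s[i-1] lookup goes through a bounds-checked accessor, so the read at i = 0 is counted instead of performed. The function and variable names, the 32-bit bloom mask and the sample strings are assumptions made for this example.

```c
#include <stdio.h>
/* Simplified model of a reverse search with a bloom-filter skip; not
   CPython's fastsearch.h. All names here are assumptions for the example. */
#define BLOOM_ADD(mask, ch) ((mask) |= (1UL << ((unsigned char)(ch) & 31)))
#define BLOOM(mask, ch)     ((mask) &  (1UL << ((unsigned char)(ch) & 31)))
int oob_reads;   /* reads attempted at index < 0 during the last call */

/* Bounds-checked read: records the violation instead of touching memory. */
static char checked_at(const char *s, long idx)
{
    if (idx < 0) { oob_reads++; return 0; }
    return s[idx];
}

/* Last index of p in s, or -1; guard != 0 reads s[i-1] only when i > 0. */
long rfind_model(const char *s, long n, const char *p, long m, int guard)
{
    unsigned long mask = 0;
    long i, j, mlast = m - 1, skip = mlast - 1, w = n - m;
    oob_reads = 0;
    if (m <= 0 || w < 0) return -1;
    BLOOM_ADD(mask, p[0]);
    for (i = mlast; i > 0; i--) {
        BLOOM_ADD(mask, p[i]);
        if (p[i] == p[0]) skip = i - 1;
    }
    for (i = w; i >= 0; i--) {
        if (s[i] == p[0]) {
            for (j = mlast; j > 0; j--)
                if (s[i + j] != p[j]) break;
            if (j == 0) return i;                       /* match */
            if ((!guard || i > 0) && !BLOOM(mask, checked_at(s, i - 1)))
                i -= m;
            else
                i -= skip;
        } else if ((!guard || i > 0) && !BLOOM(mask, checked_at(s, i - 1)))
            i -= m;
    }
    return -1;
}

int main(void)
{
    for (int g = 0; g <= 1; g++) {   /* constructed input: "ab" vs "cd" */
        long r = rfind_model("ab", 2, "cd", 2, g);
        printf("guard=%d result=%ld oob_reads=%d\n", g, r, oob_reads);
    }
    return 0;
}
```

On the constructed input the unguarded loop attempts one read at index -1 and the guarded loop attempts none, while both return the same result.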