This is also at https://bugs.python.org/issue46280. Please direct
comments there.
Eric
On 1/6/2022 8:22 AM, lxr1210--- via Python-Dev wrote:
Hi all,
I am currently doing some research on the security of CPython. I used
the open source vulnerability analysis engine,
Infer (https://fbinfer.com/), to scan the native code of CPython 3.10.0.
The scan results show that there are still a number of vulnerabilities
in the CPython native code, such as Null dereference, Uninitialized
variable, Resource/Memory leak, etc. Moreover, I found that some of
the vulnerabilities are related to Python/C API. I enclose the
vulnerability report for your reference.
Based on the research of the result, I tried to design a tool to
automatically detect and repair vulnerabilities in CPython and make
this tool available. See:
https://github.com/PVMPATCH/PVMPatch
Python is my favourite programming language. I sincerely hope that I
can help Python become stronger and safer. I hope this discovery can
be useful for you to develop Python in the future.
Thank you for your time and consideration!
Lin
_______________________________________________
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-le...@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at
https://mail.python.org/archives/list/python-dev@python.org/message/WQ2TVXPWFWP7V34WOGL2IDSDNAUQGEJU/
Code of Conduct: http://python.org/psf/codeofconduct/