On Aug 4, 6:06 am, John Nagle <na...@animats.com> wrote: > Gabriel Genellina wrote: > > En Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden <sturlamol...@yahoo.no> > > escribió: > > >> On 2 Aug, 15:50, Jizzai <jiz...@gmail.com> wrote: > > >>> Is a _pure_ python program buffer overflow proof? > > >>> For example in C++ you can declare a char[9] to hold user input. > >>> If the user inputs 10+ chars a buffer overflow occurs. > > >> Short answer: NO > > I disagree. You've just translated the responsability to check for > > buffer overflows, from the Python VM, to the Java VM or the .Net runtime > > (and all three suffered from buffer overruns and other problems in some > > way or another). > > A more useful question is whether the standard libraries are being > run through any of the commercial static checkers for possible buffer > overflows. > > John Nagle
Python has been run through valgrind which did expose (and result in the fixing) of several theoretical problems. Pure Python can be crashed (cause segfaults) in various ways - there is even a directory of tests that do this in the test suite. I don't think any are due to buffer overflows. Michael Foord -- http://www.ironpythoninaction.com/ -- http://mail.python.org/mailman/listinfo/python-list
