Nickolai Zeldovich added the comment:
I just submitted the contributor form -- thanks for the reminder.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17016
Nickolai Zeldovich added the comment:
I get an HTTP error when trying to upload another patch through Rietveld, so
here's a revised patch that avoids the need for Py_uintptr_t (thanks Serhiy).
--
Added file: http://bugs.python.org/file29379/pp-3.patch
Nickolai Zeldovich added the comment:
Sorry for the delay. Attached is an updated patch that should fix all of the
issues mentioned in this bug report.
--
Added file: http://bugs.python.org/file29368/pp-2.patch
___
Python tracker rep
Nickolai Zeldovich added the comment:
Lines 2777 and 3111 do indeed look suspect, because gcc can compile (ptr +
offset ptr) into (offset 0):
nickolai@sahara:/tmp$ cat x.c
void bar();
void
foo(char* ptr, int offset)
{
if (ptr + offset ptr)
bar();
}
nickolai@sahara:/tmp$ gcc x.c -S
Nickolai Zeldovich added the comment:
For an unsigned int offset, see my original bug report: gcc eliminates the
check altogether, since offset = 0 by definition.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17016
New submission from Nickolai Zeldovich:
Modules/_sre.c relies on pointer overflow in 5 places to check that the
supplied offset does not cause wraparound when added to a base pointer; e.g.:
SRE_CODE prefix_len;
GET_ARG; prefix_len = arg
