Tomas Hoger tho...@redhat.com added the comment:
Is the final patch going to enable empty fragments unconditionally and will
ofter no way to disable them?
curl did that recently and ended up adding option to allow users to disable
empty fragments when they break compatibility:
http
Tomas Hoger tho...@redhat.com added the comment:
You seem to be right that r65878 should block the xsize = ysize = 0x8000
integer overflow. I was testing on the python version with r60793, but not
with r65878. Note that the check added in r65878 should still cause crash on
divide-by-zero
Tomas Hoger tho...@redhat.com added the comment:
+ - If the name of an existing script is passed in ``argv[0]``, its absolute
+ path is prepended to :data:`sys.path`
Absolute path to the directory where script is located. And I believe there's
no absolute path guarantee for platforms
Tomas Hoger tho...@redhat.com added the comment:
My reading of PySys_SetArgv is that if argv is NULL, then
char *argv0 = argv[0]; will read through NULL and thus will
segfault on a typical platform.
Right.
I favor Antoine's approach in
http://bugs.python.org/file13860/setargvex.patch
Tomas Hoger tho...@redhat.com added the comment:
According to PEP-0004, affected module was deprecated in 2.5 and is no longer
part of 2.6 and later. Hence 2.5 only, not sure if that version is still
actively supported upstream.
--
nosy: +thoger
versions: -Python 2.6, Python 2.7
New submission from Tomas Hoger tho...@redhat.com:
SVN commit r64114 added integer overflow checks to multiple modules. Checks
added to audioop module are incorrect and can still be bypassed:
http://svn.python.org/view/python/trunk/Modules/audioop.c?r1=64114r2=64113
- audioop_tostereo
Tomas Hoger tho...@redhat.com added the comment:
Do you have any Python examples that failed to trigger the overflow
on your platform?
No, I've not really tried to create some, as I found it while looking into
similar checks added to rgbimg module (which is dead and removed upstream now
Tomas Hoger tho...@redhat.com added the comment:
Can anyone move this to Stage: patch review (for the fix approach proposed in
msg90336)? Or does anyone have better idea on how to move this closer to final
fix or wontfix / reject? Thank you
Tomas Hoger tho...@redhat.com added the comment:
Has anyone else had an opportunity to have a look at the change proposed in
#msg90336?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue5753
Tomas Hoger tho...@redhat.com added the comment:
This is not really the same thing as issue 946373. That one seems to be
about adding script's directory as the first thing in sys.path.
Comments there seem to mix both interactive ('' in sys.path) and
non-interactive (os.path.dirname
Tomas Hoger tho...@redhat.com added the comment:
Additional API has one disadvantage - it requires a modification of all
affected applications embedding python, which is not likely to happen
soon after the API is introduced.
Therefore, it may still be worth reviewing current behaviour
Tomas Hoger tho...@redhat.com added the comment:
Have you considered something like this? (patch against 3.1)
--- Python/sysmodule.c.orig
+++ Python/sysmodule.c
@@ -1643,6 +1643,7 @@ PySys_SetArgv(int argc, wchar_t **argv)
#endif /* Unix */
}
#endif /* All others
12 matches
Mail list logo