[issue24467] bytearray pop and remove Buffer Over-read

DmitryJ added the comment: If this is the case, then issue24462 should be fixed by this patch as well. I'm sorry about missing the root cause here. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24467

[issue24467] bytearray pop and remove Buffer Over-read

Changes by DmitryJ ga...@tut.by: Added file: http://bugs.python.org/file39781/issue24467-3.2.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24467

[issue24467] bytearray pop and remove Buffer Over-read

DmitryJ added the comment: Attached is a patch that fixes the reported issue. Since there are no visible side effects in Python, I could not write a test for this. -- keywords: +patch Added file: http://bugs.python.org/file39780/issue24467-2.7.patch

[issue24467] bytearray pop and remove Buffer Over-read

Changes by DmitryJ ga...@tut.by: Added file: http://bugs.python.org/file39783/issue24467-3.4.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24467

[issue24467] bytearray pop and remove Buffer Over-read

Changes by DmitryJ ga...@tut.by: Added file: http://bugs.python.org/file39784/issue24467-3.5.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24467

[issue24467] bytearray pop and remove Buffer Over-read

Changes by DmitryJ ga...@tut.by: Added file: http://bugs.python.org/file39782/issue24467-3.3.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24467

[issue24467] bytearray pop and remove Buffer Over-read

DmitryJ added the comment: Offending code in 2.7: https://hg.python.org/cpython/file/20c9290a5de4/Objects/bytearrayobject.c#l2381 https://hg.python.org/cpython/file/20c9290a5de4/Objects/bytearrayobject.c#l2412 Let n = 16, where = 0; memmove() then attempts to copy (n - where) = 16 bytes where

[issue24462] bytearray.find Buffer Over-read

DmitryJ added the comment: Attached please find a patch against the 2.7 branch. CPython built with the patch passes the tests from the test suite. Unfortunately, as there is not much control over memory allocation, there is no 100% reliable test case that would allow for reproducing

[issue24481] hotshot pack_string Heap Buffer Overflow

Changes by DmitryJ ga...@tut.by: -- nosy: +dev_zzo ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24481 ___ ___ Python-bugs-list mailing list

[issue24462] bytearray.find Buffer Over-read

DmitryJ added the comment: I am preparing a patch for this issue, then. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24462 ___ ___ Python-bugs

[issue24462] bytearray.find Buffer Over-read

DmitryJ added the comment: Quick analysis tells this can be attributed to the following code (in 2.7): https://hg.python.org/cpython/file/a8e24d776e99/Objects/stringlib/fastsearch.h#l110 https://hg.python.org/cpython/file/a8e24d776e99/Objects/stringlib/fastsearch.h#l116 Suppose i = 0, then s[i

[issue24462] bytearray.find Buffer Over-read

DmitryJ added the comment: From the author's page at http://effbot.org/zone/stringlib.htm Note that the above Python code may access s[n], which would result in an IndexError exception. For the CPython implementation, this is not really a problem, since CPython adds trailing NULL entries