[issue24462] bytearray.find Buffer Over-read

2015-07-05 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24462 ___

[issue24462] bytearray.find Buffer Over-read

2015-06-29 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: The patch for issue24467 also fixed this issue in different way. In any case thank you Dmitry for your patches. -- components: +Interpreter Core resolution: - duplicate stage: patch review - resolved status: open - closed superseder: - bytearray

[issue24462] bytearray.find Buffer Over-read

2015-06-28 Thread Serhiy Storchaka
Changes by Serhiy Storchaka storch...@gmail.com: -- assignee: - serhiy.storchaka stage: - patch review ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24462 ___

[issue24462] bytearray.find Buffer Over-read

2015-06-22 Thread DmitryJ
DmitryJ added the comment: Attached please find a patch against the 2.7 branch. CPython built with the patch passes the tests from the test suite. Unfortunately, as there is not much control over memory allocation, there is no 100% reliable test case that would allow for reproducing the

[issue24462] bytearray.find Buffer Over-read

2015-06-22 Thread DmitryJ
DmitryJ added the comment: I am preparing a patch for this issue, then. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24462 ___ ___

[issue24462] bytearray.find Buffer Over-read

2015-06-20 Thread JohnLeitch
JohnLeitch added the comment: Given my understanding of the issue, the memcmp approach seems like a viable fix. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24462 ___

[issue24462] bytearray.find Buffer Over-read

2015-06-18 Thread DmitryJ
DmitryJ added the comment: Quick analysis tells this can be attributed to the following code (in 2.7): https://hg.python.org/cpython/file/a8e24d776e99/Objects/stringlib/fastsearch.h#l110 https://hg.python.org/cpython/file/a8e24d776e99/Objects/stringlib/fastsearch.h#l116 Suppose i = 0, then

[issue24462] bytearray.find Buffer Over-read

2015-06-18 Thread DmitryJ
DmitryJ added the comment: From the author's page at http://effbot.org/zone/stringlib.htm Note that the above Python code may access s[n], which would result in an IndexError exception. For the CPython implementation, this is not really a problem, since CPython adds trailing NULL entries to

[issue24462] bytearray.find Buffer Over-read

2015-06-17 Thread JohnLeitch
New submission from JohnLeitch: The bytearray.find method suffers from a buffer over-read that can be triggered by passing a string equal in length to the buffer. The result is a read off the end of the buffer, which could potentially be exploited to disclose the contents of adjacent memory.

[issue24462] bytearray.find Buffer Over-read

2015-06-17 Thread Serhiy Storchaka
Changes by Serhiy Storchaka storch...@gmail.com: -- nosy: +serhiy.storchaka ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24462 ___ ___