Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue24462
___
Serhiy Storchaka added the comment:
The patch for issue24467 also fixed this issue in different way.
In any case thank you Dmitry for your patches.
--
components: +Interpreter Core
resolution: - duplicate
stage: patch review - resolved
status: open - closed
superseder: - bytearray
Changes by Serhiy Storchaka storch...@gmail.com:
--
assignee: - serhiy.storchaka
stage: - patch review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue24462
___
DmitryJ added the comment:
Attached please find a patch against the 2.7 branch. CPython built with the
patch passes the tests from the test suite. Unfortunately, as there is not much
control over memory allocation, there is no 100% reliable test case that would
allow for reproducing the
DmitryJ added the comment:
I am preparing a patch for this issue, then.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue24462
___
___
JohnLeitch added the comment:
Given my understanding of the issue, the memcmp approach seems like a viable
fix.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue24462
___
DmitryJ added the comment:
Quick analysis tells this can be attributed to the following code (in 2.7):
https://hg.python.org/cpython/file/a8e24d776e99/Objects/stringlib/fastsearch.h#l110
https://hg.python.org/cpython/file/a8e24d776e99/Objects/stringlib/fastsearch.h#l116
Suppose i = 0, then
DmitryJ added the comment:
From the author's page at http://effbot.org/zone/stringlib.htm
Note that the above Python code may access s[n], which would result in an
IndexError exception. For the CPython implementation, this is not really a
problem, since CPython adds trailing NULL entries to
New submission from JohnLeitch:
The bytearray.find method suffers from a buffer over-read that can be triggered
by passing a string equal in length to the buffer. The result is a read off the
end of the buffer, which could potentially be exploited to disclose the
contents of adjacent memory.
Changes by Serhiy Storchaka storch...@gmail.com:
--
nosy: +serhiy.storchaka
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue24462
___
___
10 matches
Mail list logo