[Python-bugs-list] %.1200d will make Python segfault (PR#341)

scut@nb.in-berlin.de
Sat, 27 May 2000 09:41:24 -0400 (EDT)


Full_Name: -
Version: 1.5.2
OS: Linux
Submission from: elch.in-berlin.de (192.109.42.5)


To reproduce just start python and enter something like:

"%.1200d" % 1

It is constructed in a local buffer on the stack which is about 1000 characters
or so long, so you overwrite the frame pointer and the return address, which may be
exploitable to attackers under some conditions.

Though this bug appears in GNU libc also, this one is within the Python code.

Thanks for developing such a great programming language as Python is :-)

ciao,
scut / teso
http://teso.scene.at/
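The defensive pattern the report implies, as an added example that is not part of the original message and not Python's own source: a formatting routine that works with a fixed-size stack buffer (here an assumed FMTBUFLEN of 1000 bytes, mirroring the "about 1000 characters" in the report) must bound-check the output length before writing, so that an oversized precision such as 1200 is rejected as an error instead of running past the end of the buffer. The function names, the buffer size and the sample calls are all assumptions made for this example.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed size of the local formatting buffer, chosen to mirror the
 * "about 1000 characters" stack buffer described in the report. */
#define FMTBUFLEN 1000

/* Format `value` with precision `prec` into `out` (capacity `outsize`).
 * Returns the number of characters written (excluding the NUL), or -1
 * if the result would not fit. The length is measured BEFORE anything
 * is written, so a too-large precision becomes a reportable error
 * rather than a stack buffer overflow. "%.*ld" takes the precision as
 * an argument, so no format string is built at run time. */
int format_int_checked(char *out, size_t outsize, int prec, long value)
{
    int needed;

    if (out == NULL || outsize == 0 || prec < 0)
        return -1;

    /* C99: snprintf with a zero-size buffer only reports the length
     * the full output would have. */
    needed = snprintf(NULL, 0, "%.*ld", prec, value);
    if (needed < 0 || (size_t)needed >= outsize)   /* leave room for NUL */
        return -1;

    return snprintf(out, outsize, "%.*ld", prec, value);
}

/* Wrapper with a local FMTBUFLEN-byte buffer, i.e. the layout from the
 * report. Returns the formatted length, or -1 when the request is
 * rejected. Values that fit are accepted; "%.1200d" is refused. */
int try_format(int prec, long value)
{
    char buf[FMTBUFLEN];
    return format_int_checked(buf, sizeof buf, prec, value);
}

int main(void)
{
    printf("%%.10d   -> %d\n", try_format(10, 1));     /* 10 */
    printf("%%.999d  -> %d\n", try_format(999, 1));    /* 999 */
    printf("%%.1200d -> %d\n", try_format(1200, 1));   /* -1: rejected */
    return 0;
}
```

The check rejects anything at or above FMTBUFLEN because the terminating NUL also needs a byte; a precision of 999 is the largest that fits in this layout. The same pre-measurement works for any caller-controlled width or precision, not only the integer case in the report.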