[issue15930] buffer overrun in wcstombs_errorpos()
Stefan Krah
report at bugs.python.org
Wed Sep 12 15:09:55 CEST 2012
Stefan Krah added the comment:
buf[1] contains NUL if SIZE_OF_WCHAR_T is 4.
The man page says:
size_t wcstombs(char *dest, const wchar_t *src, size_t n)
The conversion can stop for three reasons:
3. The wide-character string has been completely converted, including the terminating L'\0'. In
this case the conversion ends in the initial state. The number of bytes written to dest, exclud-
ing the terminating '\0' byte, is returned.
To me this sounds like there cannot be an invalid write.
----------
nosy: +skrah
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15930>
_______________________________________
More information about the Python-bugs-list
mailing list