[issue24917] time_strftime() Buffer Over-read
Larry Hastings
report at bugs.python.org
Mon Sep 7 05:26:12 CEST 2015
Larry Hastings added the comment:
Okay, I think *I* reproduced it.
1) I pulled your cpython350 fork down locally.
2) I updated to your checkin that fixed the bug. (c31dad22c80d)
3) I reverted the change to Modules/timemodule.c to put the bug back:
% hg cat -r 97393 Modules/timemodule.c > Modules/timemodule.c
4) I changed line 611 (or so) from "#if defined(MS_WINDOWS) && !defined(HAVE_WCSFTIME)" to "#if 1" so I'd get the code that had the bug.
5) I ran "./configure --with-valgrind && make" to make it.
6) I ran "valgrind ./python -m test test_time" and ***Valgrind complained about an array overrun***.
7) I restored the bugfix to Modules/timemodule.c, then reinstated the change from 4) above.
8) I ran make and valgrind again and didn't get the complaint about the array overrun.
For grins I also tried enabling the other stanza of code that has the bug (the AIX / sun / have_wcsftime) and observed the same thing.
Is that convincing?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24917>
_______________________________________
More information about the Python-bugs-list
mailing list