[Python-Dev] PyErr_Format security note

Greg Stein gstein@lyra.org
Mon, 15 Nov 1999 01:28:06 -0800 (PST)


On Mon, 15 Nov 1999, M.-A. Lemburg wrote:
>...
> In sysmodule.c, this check is done which should be safe enough
> since no "return" is issued (Py_FatalError() does an abort()):
> 
>   if (vsprintf(buffer, format, va) >= sizeof(buffer))
>     Py_FatalError("PySys_WriteStdout/err: buffer overrun");

I believe the return from vsprintf() itself would be the problem.

Cheers,
-g

--
Greg Stein, http://www.lyra.org/
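The point Greg makes above is that `vsprintf()` has no idea how large `buffer` is: by the time its return value can be compared against `sizeof(buffer)`, any bytes beyond the end have already been written, so the check detects the overrun only after the memory corruption has happened. The added example below is not code from this thread or from CPython; it shows the bounded alternative, `vsnprintf()`, whose size argument stops the write at the buffer end and whose return value reports how much space would have been needed, so the caller can reject an oversized message before anything is corrupted. The function name `format_bounded`, the constant `BUF_SIZE` and the sample inputs are assumptions made for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64  /* assumed buffer size for the demonstration */

/*
 * Format into buf (bufsize bytes) with vsnprintf, which writes at most
 * bufsize bytes including the terminating NUL.  Returns the number of
 * characters written (excluding the NUL) on success, or -1 if the
 * formatted text would not have fit.  In both cases buf is left
 * NUL-terminated, so nothing past the buffer end is ever touched.
 *
 * Contrast with the quoted pattern: vsprintf(buffer, format, va) has
 * already overrun the buffer before its return value can be examined.
 */
int format_bounded(char *buf, size_t bufsize, const char *format, ...)
{
    va_list va;
    int needed;

    if (bufsize == 0)
        return -1;

    va_start(va, format);
    needed = vsnprintf(buf, bufsize, format, va);
    va_end(va);

    /* needed >= bufsize means the output was truncated: report it. */
    if (needed < 0 || (size_t)needed >= bufsize) {
        buf[bufsize - 1] = '\0';  /* vsnprintf already terminated; be explicit */
        return -1;
    }
    return needed;
}

/* Constructed input: 100 'A's, deliberately longer than BUF_SIZE. */
static void make_big(char *big, size_t n)
{
    memset(big, 'A', n);
    big[n] = '\0';
}

/* A message that fits: returns the length actually written. */
int demo_fits(void)
{
    char buf[BUF_SIZE];
    return format_bounded(buf, sizeof buf, "%s: %d", "value", 42);
}

/* A message that does not fit: returns -1 instead of overrunning. */
int demo_overrun(void)
{
    char buf[BUF_SIZE];
    char big[101];
    make_big(big, 100);
    return format_bounded(buf, sizeof buf, "%s", big);
}

/* After a rejected message the buffer holds a truncated, NUL-terminated
 * string of BUF_SIZE - 1 characters; nothing was written beyond it. */
size_t demo_overrun_len(void)
{
    char buf[BUF_SIZE];
    char big[101];
    make_big(big, 100);
    (void)format_bounded(buf, sizeof buf, "%s", big);
    return strlen(buf);
}

int main(void)
{
    printf("fits: %d\n", demo_fits());
    printf("overrun: %d\n", demo_overrun());
    printf("truncated length: %zu\n", demo_overrun_len());
    return 0;
}
```

The caller decides what to do with a `-1`: return an error, fall back to a shorter message, or abort as the quoted code does. What matters for safety is that the decision is made before any out-of-bounds write, which the `vsprintf()` return-value check cannot guarantee.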