buffer overflow

Tim Peters tim.one at comcast.net
Thu Jan 16 23:47:02 EST 2003


[donoli]
> I have two machines, FreeBSD 4,2  and  W2K pro.  I'd like to test the
> security on both of them against a buffer overflow.  If someone has
> the code in python for a buffer overflow, please post it.
> donoli.

[Martin v. Loewis]
> Python does not support buffer overflows, sorry.

[pmaney at pobox.com]
> I'm sure they could be added by a C extension module.

They already were, and, curiously enough, by the builtin bufferobject.c.
That supplies the builtin, little understood, and easily abused buffer
object.  For fun, run this:

"""
from array import array
from random import randrange

i = 0
while 1:
    i += 1
    print i,
    a = array('c', 'x' * randrange(10000))
    b = buffer(a)
    a.extend(array('c', 'y' * randrange(10000)))
    c = list(b)
"""

Chances are high it will die with a segfault before going around the loop 20
times, because the buffer object created by buffer() can be left pointing at
freed memory by the array object guts getting reallocated, and then list(b)
ends up reading God-only-knows-what from the stale buffer object.  Some of
the smartest people I know have refused to fix this <wink>.
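
An added example, not part of the original post and written for Python 3 rather than the Python 2 of this thread: in Python 3, array refuses to resize while a memoryview exports its storage, which is the guard against the stale-pointer read described above. The function names and sample sizes are constructed for illustration.

```python
from array import array


def resize_while_exported(initial, extra):
    """Try to grow an array while a memoryview still exports its storage."""
    a = array('B', initial)
    view = memoryview(a)            # export is live: the storage is pinned
    try:
        a.extend(array('B', extra))  # growing would reallocate the storage
    except BufferError:
        return "blocked"             # the resize is refused, nothing dangles
    finally:
        view.release()
    return "resized"


def snapshot_then_resize(initial, extra):
    """Copy the bytes out, drop the export, and only then resize."""
    a = array('B', initial)
    with memoryview(a) as view:
        snapshot = view.tobytes()    # private copy, independent of a's storage
    # The with-block released the view, so resizing is permitted again.
    a.extend(array('B', extra))
    return snapshot, len(a)


def use_after_release(initial):
    """A released view fails cleanly instead of reading old memory."""
    a = array('B', initial)
    view = memoryview(a)
    view.release()
    try:
        view[0]
    except ValueError:
        return "rejected"
    return "read"


if __name__ == "__main__":
    # Constructed sample data, fixed sizes instead of the post's randrange().
    print(resize_while_exported(b"x" * 100, b"y" * 100))
    print(snapshot_then_resize(b"x" * 100, b"y" * 50)[1])
    print(use_after_release(b"x" * 100))
```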





