buffer overflow

Thomas Heller theller at python.net
Fri Jan 17 13:22:58 EST 2003


"Tim H" <tim at frontier.net.nospam> writes:

> "Tim Peters" <tim.one at comcast.net> wrote in message
> news:mailman.1042778911.1136.python-list at python.org...
> > [donoli]
> > > I have two machines, FreeBSD 4,2  and  W2K pro.  I'd like to test the
> > > security on both of them against a buffer overflow.  If someone has
> > > the code in python for a buffer overflow, please post it.
> > > donoli.
> >
> > [Martin v. Loewis]
> > > Python does not support buffer overflows, sorry.
> >
> > [pmaney at pobox.com]
> > > I'm sure they could be added by a C extension module.
> >
> > They already were, and, curiously enough, by the builtin bufferobject.c.
> > That supplies the builtin, little understood, and easily abused buffer
> > object.  For fun, run this:
> >
> > """
> > from array import array
> > from random import randrange
> >
> > i = 0
> > while 1:
> >     i += 1
> >     print i,
> >     a = array('c', 'x' * randrange(10000))
> >     b = buffer(a)
> >     a.extend(array('c', 'y' * randrange(10000)))
> >     c = list(b)
> > """
> >
> > Chances are high it will die with a segfault before going around the loop 20
> > times, because the buffer object created by buffer() can be left pointing at
> > freed memory by the array object guts getting reallocated, and then list(b)
> > ends up reading God-only-knows-what from the stale buffer object.  Some of
> > the smartest people I know have refused to fix this <wink>.
> >
> >
> 
> Hmmm, a Win2k box got to 14, while Linux got to where I got bored and
> CTRL-C'ed it.  Does this mean Linux can count higher than Windows?
> 

No, it means that these kinds of bugs are easier to find on Windows
than on Linux ;-)

Thomas
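
An added example, not part of the thread: in Python 3 the buffer() builtin is gone and memoryview is its successor. array and bytearray refuse to reallocate while a view is exported, which closes the stale-pointer window Tim Peters describes above. The function names are chosen for illustration.

```python
from array import array


def try_resize(obj, grow):
    """Attempt to grow obj in place; report whether the runtime allowed it."""
    try:
        grow(obj)
        return "resized"
    except BufferError:
        # Raised when the object still has live buffer exports.
        return "blocked"


def read_after_release(view):
    """A released view must fail loudly instead of reading stale memory."""
    try:
        bytes(view)
        return "readable"
    except ValueError:
        return "rejected"


def demo():
    results = {}
    cases = (
        ("array", array("B", b"x" * 100),
         lambda a: a.extend(array("B", b"y" * 10000))),
        ("bytearray", bytearray(b"x" * 100),
         lambda b: b.extend(b"y" * 10000)),
    )
    for name, obj, grow in cases:
        view = memoryview(obj)            # live export, counterpart of buffer(a)
        during = try_resize(obj, grow)    # a realloc here would leave view dangling
        snapshot = bytes(view[:4])        # safe: the storage was not moved
        view.release()                    # drop the export explicitly
        stale = read_after_release(view)  # the old view can no longer be read
        after = try_resize(obj, grow)     # with no exports, reallocation is allowed
        results[name] = (during, snapshot, stale, after, len(obj))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```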



