Is python buffer overflow proof?

Steven D'Aprano steven at REMOVE.THIS.cybersource.com.au
Mon Aug 3 23:44:54 EDT 2009


On Mon, 03 Aug 2009 14:04:53 -0700, sturlamolden wrote:

> On 2 Aug, 15:50, Jizzai <jiz... at gmail.com> wrote:
> 
>> Is a _pure_ python program buffer overflow proof?
>>
>> For example in C++ you can declare a char[9] to hold user input. If the
>> user inputs 10+ chars a buffer overflow occurs.
> 
> Short answer: NO
> 
> Bounds checking on sequence types is a protection against buffer
> overflow, but is certainly not sufficient.
> 
> The Python interpreter is written in C. Python extension modules are
> written in C (or something similar). If you find an unprotected buffer
> in this C code, you can possibly overflow this buffer. 

How are C extension modules "_pure_ python"?




-- 
Steven
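
An added example, not part of the original thread: the char[9] case from the question, redone with Python's built-in sequence types, showing that each over-long write is refused and the bytes placed right after the buffer stay intact. `store`, `BUF_SIZE` and `SENTINEL` are names made up for this illustration; it exercises only the interpreter's own bounds checks and says nothing about third-party C extensions.

```python
import struct

BUF_SIZE = 9                # mirrors the char[9] from the question
SENTINEL = b"\xAA" * 7      # constructed stand-in for "adjacent memory"


def store(user_input: bytes) -> dict:
    """Try three ways of writing user_input into a fixed 9-byte window.

    Returns the outcome of each method, the final window contents, and
    whether the bytes sitting directly after the window were untouched.
    """
    backing = bytearray(BUF_SIZE) + bytearray(SENTINEL)
    window = memoryview(backing)[:BUF_SIZE]   # fixed-size view, like char[9]
    outcome = {}

    # 1. Byte-by-byte copy, the shape of the classic unchecked C loop.
    try:
        for i, byte in enumerate(user_input):
            window[i] = byte
        outcome["index"] = "ok"
    except IndexError:
        outcome["index"] = "IndexError"

    # 2. Bulk copy: a memoryview cannot be resized by slice assignment.
    try:
        window[:len(user_input)] = user_input
        outcome["slice"] = "ok"
    except ValueError:
        outcome["slice"] = "ValueError"

    # 3. struct.pack_into checks the destination size before writing.
    try:
        struct.pack_into(f"{len(user_input)}s", window, 0, user_input)
        outcome["struct"] = "ok"
    except struct.error:
        outcome["struct"] = "struct.error"

    outcome["stored"] = bytes(window)
    outcome["sentinel_intact"] = bytes(backing[BUF_SIZE:]) == SENTINEL
    return outcome


if __name__ == "__main__":
    print(store(b"ABCDEFGHIJ"))   # 10 bytes into a 9-byte window
    print(store(b"hello"))        # fits
```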


