Is python buffer overflow proof?

Fuzzyman fuzzyman at gmail.com
Fri Aug 7 16:54:05 EDT 2009


On Aug 4, 6:06 am, John Nagle <na... at animats.com> wrote:
> Gabriel Genellina wrote:
> > On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden <sturlamol... at yahoo.no>
> > wrote:
>
> >> On 2 Aug, 15:50, Jizzai <jiz... at gmail.com> wrote:
>
> >>> Is a _pure_ python program buffer overflow proof?
>
> >>> For example in C++ you can declare a char[9] to hold user input.
> >>> If the user inputs 10+ chars a buffer overflow occurs.
>
> >> Short answer: NO
> > I disagree. You've just translated the responsibility to check for
> > buffer overflows, from the Python VM, to the Java VM or the .Net runtime
> > (and all three suffered from buffer overruns and other problems in some
> > way or another).
>
>     A more useful question is whether the standard libraries are being
> run through any of the commercial static checkers for possible buffer
> overflows.
>
>                                 John Nagle

Python has been run through valgrind, which did expose (and result in
the fixing of) several theoretical problems.

Pure Python can be crashed (cause segfaults) in various ways - there
is even a directory of tests that do this in the test suite. I don't
think any are due to buffer overflows.

Michael Foord
--
http://www.ironpythoninaction.com/
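
An added example, not part of the original thread: the 9-byte buffer and 10-character input from the question, written through four standard CPython write paths to show which ones refuse the write and which one grows the buffer. The function name `try_writes` and the sample inputs are constructed for illustration; the example says nothing about bugs in the interpreter or in C extensions, which is what the replies above discuss.

```python
import struct

BUF_SIZE = 9  # same size as the char[9] in the quoted question


def try_writes(data: bytes, size: int = BUF_SIZE) -> dict:
    """Store `data` in a `size`-byte buffer four ways and report each outcome."""
    results = {}

    # 1. Byte-by-byte copy, the analogue of an unchecked C copy loop.
    buf = bytearray(size)
    try:
        for i, byte in enumerate(data):
            buf[i] = byte  # every index is range-checked by the interpreter
        results["index"] = "ok"
    except IndexError:
        results["index"] = "IndexError"

    # 2. memoryview: a fixed-size window that slice assignment cannot resize.
    buf = bytearray(size)
    try:
        memoryview(buf)[0:len(data)] = data
        results["memoryview"] = "ok"
    except ValueError:
        results["memoryview"] = "ValueError"

    # 3. struct.pack_into: checks the buffer length before writing.
    buf = bytearray(size)
    try:
        struct.pack_into(f"{len(data)}s", buf, 0, data)
        results["pack_into"] = "ok"
    except struct.error:
        results["pack_into"] = "struct.error"

    # 4. bytearray slice assignment: the object grows instead of spilling
    #    into adjacent memory, so record the resulting length.
    buf = bytearray(size)
    buf[0:len(data)] = data
    results["slice"] = len(buf)

    return results


if __name__ == "__main__":
    for sample in (b"A" * 5, b"A" * 10):  # constructed inputs
        print(len(sample), try_writes(sample))
```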


