[New-bugs-announce] [issue30058] Buffer overflow in kqueue.control()
Serhiy Storchaka
report at bugs.python.org
Wed Apr 12 13:13:38 EDT 2017
New submission from Serhiy Storchaka:
The first parameter of kqueue.control() is documented as an iterable. But actually it should have a length. kqueue.control() uses PyObject_Size() for allocating an array and PyObject_GetIter()+PyIter_Next() for iterating kevent objects and filling the array. If the length and the iterator are not consistent this can lead to writing past the end of the array.
----------
components: Extension Modules, FreeBSD
messages: 291563
nosy: koobs, serhiy.storchaka
priority: normal
severity: normal
status: open
title: Buffer overflow in kqueue.control()
type: crash
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30058>
_______________________________________
More information about the New-bugs-announce
mailing list