[issue1950] Potential overflows due to incorrect usage of PyUnicode_AsString.
Alexander Belopolsky
report at bugs.python.org
Fri Mar 7 19:43:15 CET 2008
Alexander Belopolsky added the comment:
Your description of the patch is a bit misleading. As far as I can tell
only the first chunk (Python/import.c changes) addresses a potential
buffer overflow. For example the last chunk (Modules/posixmodule.c
changes) simply eliminates an unused variable. While a worthwhile
change, it should not be bundled with what is potentially a security patch.
I have a few suggestions:
1. It will really help if you produce a test case that crashes the
interpretor. I am sure that will get noticed.
2. If any of buffer overflows apply to the current production versions
(2.4 or 2.5) or even the alpha release (2.6a1), it would make sense to
backport it to the trunk. Once again, security issues in the trunk will
get noticed much faster than in py3k branch.
----------
nosy: +belopolsky
__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue1950>
__________________________________
More information about the Python-bugs-list
mailing list