[issue24917] time_strftime() Buffer Over-read
Alexander Belopolsky
report at bugs.python.org
Sat Sep 5 03:12:56 CEST 2015
Alexander Belopolsky added the comment:
> if there's a risk I'm overlooking I'd like to better understand it,
> and the relevant Python documentation should be updated.
I don't think there is any special risk that you are overlooking other than a documented fact that Python's strftime is a thin layer on top of system strftime and these are notoriously buggy on many systems.
A python application that accepts custom formats from users should limit those formats to a set that is known to work on the targeted platforms. Relying on strftime to properly return an error code and not do anything nasty is probably not a good idea.
This said, I express no opinion on the severity of this bug.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24917>
_______________________________________
More information about the Python-bugs-list
mailing list