[issue18564] Integer overflow in socketmodule
STINNER Victor
report at bugs.python.org
Wed Apr 17 13:00:09 EDT 2019
STINNER Victor <vstinner at redhat.com> added the comment:
> In Modules/socketmodule.c, the Bluetooth address supplied is vulnerable to integer overflow.
Attached PR 12864 modifies the following code:
    unsigned int b0, b1, b2, b3, b4, b5;
    char ch;
    int n;
    n = sscanf(name, "%X:%X:%X:%X:%X:%X%c", &b5, &b4, &b3, &b2, &b1, &b0, &ch);
Can someone please elaborate how this code can trigger an integer overflow? What is the consequence of an integer overflow? Does Python crash?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue18564>
_______________________________________