[ python-Bugs-871026 ] PyOS_snprintf segfaults on missing native snprintf

SourceForge.net noreply at sourceforge.net
Mon Jan 5 12:01:47 EST 2004


Bugs item #871026, was opened at 2004-01-05 11:37
Message generated for change (Comment added) made by tim_one
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=871026&group_id=5470

Category: Python Interpreter Core
Group: Platform-specific
Status: Open
Resolution: None
Priority: 5
Submitted By: Federico Di Gregorio (fog)
Assigned to: Nobody/Anonymous (nobody)
Summary: PyOS_snprintf segfaults on missing native snprintf

Initial Comment:
On architectures missing a native snprintf (checked on
win32 + Borland), PyOS_snprintf may cause a segfault
when passed a string argument (%s) larger than 512 bytes. 

Btw, allocating an extra 512 bytes and hoping for the
best while calling native vsprintf is also a security
risk (due to buffer overruns.)


----------------------------------------------------------------------

>Comment By: Tim Peters (tim_one)
Date: 2004-01-05 12:01

Message:

Does it really cause a segfault?  This code is trying to cause 
Py_FatalError instead in that case:

else if ((size_t)len >= size + 512)
	Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf");

If that part isn't working, that is indeed a bug.

WRT security, PyOS_snprintf is an internal API function -- 
programs written in Python can't invoke it directly.  If a 
(necessarily) internal use of the function triggers this case, 
that's an error in the coding of the internals, but the *intent* 
is that Py_FatalError() get invoked then anyway, which 
immediately kills the Python process (via C abort()).

----------------------------------------------------------------------
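
Added example (not part of the tracker thread, and not CPython's code): the check quoted above tests the length that vsprintf returns, so it can only run once the write into the size + 512 byte scratch buffer has finished. The sketch puts that check, as a predicate, beside a formatter whose bound is applied during the write via C99 vsnprintf. SLACK, posthoc_check_trips, bounded_format and demo are names assumed for this illustration, and the 600-byte argument is constructed input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define SLACK 512   /* extra scratch bytes mentioned in the report */

/* The quoted check as a predicate: true when a formatted length `len`
 * (excluding the NUL) no longer fits a (size + SLACK)-byte scratch buffer.
 * It needs `len`, which vsprintf only reports after it has written. */
static int posthoc_check_trips(int len, size_t size)
{
    return len >= 0 && (size_t)len >= size + SLACK;
}

/* Bounded formatting: never writes more than `size` bytes to `str`, always
 * NUL-terminates, and returns the untruncated length (C99 semantics). */
static int bounded_format(char *str, size_t size, const char *fmt, ...)
{
    va_list ap;
    int len;

    if (str == NULL || size == 0 || fmt == NULL)
        return -1;
    va_start(ap, fmt);
    len = vsnprintf(str, size, fmt, ap);   /* bound enforced during the write */
    va_end(ap);
    str[size - 1] = '\0';
    return len;
}

/* Constructed input: a %s argument longer than 512 bytes, as in the report. */
static int demo(char *out, size_t outsize)
{
    char big[601];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return bounded_format(out, outsize, "%s", big);
}

int main(void)
{
    char out[16];
    int len = demo(out, sizeof out);
    printf("needed=%d kept=%zu posthoc_check_trips=%d\n",
           len, strlen(out), posthoc_check_trips(len, sizeof out));
    return 0;
}
```

With a 16-byte destination, the 600-byte argument is truncated to 15 characters plus the terminator, while the predicate reports that the same call would have exceeded a 528-byte scratch buffer.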
