[ python-Bugs-1501223 ] Possible buffer overflow in Python/sysmodule.c
SourceForge.net
noreply at sourceforge.net
Tue Jun 6 01:58:55 CEST 2006
Bugs item #1501223, was opened at 2006-06-05 13:45
Message generated for change (Comment added) made by bcannon
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1501223&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Windows
Group: Python 2.5
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Brett Cannon (bcannon)
Assigned to: Nobody/Anonymous (nobody)
Summary: Possible buffer overflow in Python/sysmodule.c
Initial Comment:
Line 1070 (along with lines 1075 and 1080) have
sprintf() calls that store "cp%d" into a buffer that
is 10 characters long. But an unsigned int could be 32
bits, which means 10 digits on its own. Add in the
need for a null byte and the "cp" part and it would
seem the buffer is 3 characters short.
----------------------------------------------------------------------
>Comment By: Brett Cannon (bcannon)
Date: 2006-06-05 16:58
Message:
Logged In: YES
user_id=357491
OK, I will! =) Just had to wait until I had time at work
to do it.
HEAD for rev. 46682 and for 2.4 there is rev. 46683 has the
buffer increase.
----------------------------------------------------------------------
Comment By: Tim Peters (tim_one)
Date: 2006-06-05 14:02
Message:
Logged In: YES
user_id=31435
So make it bigger ;-) In reality, I don't believe any
Windows "code page" needs more than 5 digits, so there are
actually a couple bytes to spare, but boosting the buffer
size wouldn't hurt.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1501223&group_id=5470
More information about the Python-bugs-list
mailing list