[issue2587] PyString_FromStringAndSize() to be considered unsafe
Alexander Belopolsky
report at bugs.python.org
Wed Apr 9 20:31:07 CEST 2008
Alexander Belopolsky <belopolsky at users.sourceforge.net> added the comment:
On Wed, Apr 9, 2008 at 1:20 PM, Justin Ferguson <report at bugs.python.org> wrote:
..
> Do I need to create proof of concepts for each of these bugs, or can I
> reference this ticket?
>
It would be best if you could provide a patch complete with additional
unit tests that fail in (or crash) unpatched python and demonstrate
the bugs. Since the fixes are likely to be one-line changes, I would
say there is no need to create separate issues. Just post a patch
here for a review.
From your other post, I understand that you are doing a security audit
of the python codebase. Is this a manual effort (identifying unsafe
constructs and searching for them) or do you use some kind of automation?
__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue2587>
__________________________________