[issue2620] Multiple buffer overflows in unicode processing
Gregory P. Smith
report at bugs.python.org
Mon Apr 14 05:12:44 CEST 2008
Gregory P. Smith <greg at krypto.org> added the comment:
Here's a patch that fixes this by making both Python's malloc and
realloc return NULL if (0 <= size <= PY_SSIZE_T_MAX).
A side effect of this is that strings on 32-bit platforms can no longer
be allocated up to 2**31-1 in length as the malloc includes the internal
Python object structure overhead. The maximum string size becomes
2147483609 with an optimized build on this system.
I do not think that is a problem. A 32-bit process by definition can
only ever have one such object allocated at a time anyways. ;)
Added file: http://bugs.python.org/file10027/issue2620-gps01-patch.txt
Tracker <report at bugs.python.org>
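
A sketch of the size-bounded allocation the comment above describes, added here as an illustration and not taken from the attached patch. `checked_malloc`, `checked_realloc`, `obj_header`, `new_string` and `SSIZE_LIMIT` are hypothetical names, `PTRDIFF_MAX` stands in for `PY_SSIZE_T_MAX`, and requests above the limit are assumed to fail with NULL; it shows why header overhead pushes the largest usable string length below the limit itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: stand-in for PY_SSIZE_T_MAX, the largest signed size value. */
#define SSIZE_LIMIT ((size_t)PTRDIFF_MAX)

/* Hypothetical object header that precedes the character data. */
typedef struct { size_t refcnt; void *type; ptrdiff_t length; } obj_header;

/* Fail with NULL when the request exceeds SSIZE_LIMIT. A zero-byte
   request is rounded up to 1 so that NULL always means failure. */
void *checked_malloc(size_t nbytes) {
    if (nbytes > SSIZE_LIMIT) return NULL;
    return malloc(nbytes ? nbytes : 1);
}

/* Same bound for realloc; on rejection the old block is left untouched. */
void *checked_realloc(void *p, size_t nbytes) {
    if (nbytes > SSIZE_LIMIT) return NULL;
    return realloc(p, nbytes ? nbytes : 1);
}

/* Largest payload whose header + data + NUL still fits under the limit. */
size_t max_payload(void) {
    return SSIZE_LIMIT - sizeof(obj_header) - 1;
}

/* Allocate header + len + NUL, rejecting len before the sum can wrap. */
obj_header *new_string(size_t len) {
    if (len > max_payload()) return NULL;
    obj_header *o = checked_malloc(sizeof(obj_header) + len + 1);
    if (o) { o->refcnt = 1; o->type = NULL; o->length = (ptrdiff_t)len; }
    return o;
}

int main(void) {
    obj_header *s = new_string(16);
    printf("limit=%zu max_payload=%zu\n", SSIZE_LIMIT, max_payload());
    printf("new_string(16): %s\n", s ? "ok" : "NULL");
    printf("new_string(max+1): %s\n",
           new_string(max_payload() + 1) ? "ok" : "NULL");
    printf("checked_malloc(limit+1): %s\n",
           checked_malloc(SSIZE_LIMIT + 1) ? "ok" : "NULL");
    free(s);
    return 0;
}
```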