[New-bugs-announce] [issue8530] Stringlib fastsearch can read beyond the front of an array
Alex
report at bugs.python.org
Sun Apr 25 20:05:11 CEST 2010
New submission from Alex <alex.gaynor at gmail.com>:
In Objects/stringlib/fastsearch.h the lines:
if (!STRINGLIB_BLOOM(mask, s[i-1]))
and
if (!STRINGLIB_BLOOM(mask, s[i-1]))
can read beyond the front of the array that is passed to it when the loop enters with i = 0.
I originally noticed this when porting the algorithm to PyPy (which has bounds checking :)), all tests pass if I simply add `if i-1 >= 0` before the conditional. This doesn't appear to actually cause the algorithm to ever break, but it is unsafe.
----------
messages: 104149
nosy: alex
severity: normal
status: open
title: Stringlib fastsearch can read beyond the front of an array
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue8530>
_______________________________________
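An added sketch, not CPython's fastsearch.h and not code from the report: a simplified right-to-left Bloom-mask search in which the read of s[i-1] goes through a bounds-checked accessor, so a read at index -1 is counted instead of performed. The function names, the 32-bit mask macros and the placement of the read in a backward scan are assumptions made for illustration.

```c
#include <stdio.h>

/* Assumed simplification of a 32-bit Bloom mask over characters. */
#define BLOOM_ADD(mask, ch) ((mask) |= (1UL << ((ch) & 31)))
#define BLOOM(mask, ch)     ((mask) &  (1UL << ((ch) & 31)))

static long oob_reads;  /* reads attempted outside [0, n) in the last search */

/* Bounds-checked read: records a bad index instead of touching memory. */
static unsigned char checked_at(const char *s, long n, long i) {
    if (i < 0 || i >= n) { oob_reads++; return 0; }
    return (unsigned char)s[i];
}
long last_oob_reads(void) { return oob_reads; }

/* Right-to-left search for p (length m) in s (length n); last match or -1.
 * guard == 0 evaluates s[i-1] unconditionally; guard == 1 checks i > 0 first. */
long rfind_demo(const char *s, long n, const char *p, long m, int guard) {
    unsigned long mask = 0;
    long i, j, skip = m - 2, w = n - m;
    oob_reads = 0;
    if (m < 1 || w < 0) return -1;
    BLOOM_ADD(mask, p[0]);
    for (j = m - 1; j > 0; j--) {
        BLOOM_ADD(mask, p[j]);
        if (p[j] == p[0]) skip = j - 1;
    }
    for (i = w; i >= 0; i--) {
        if (s[i] == p[0]) {
            for (j = m - 1; j > 0; j--)
                if (s[i + j] != p[j]) break;
            if (j == 0) return i;
            if ((!guard || i > 0) && !BLOOM(mask, checked_at(s, n, i - 1)))
                i -= m;       /* s[i-1] not in pattern: skip a whole window */
            else
                i -= skip;
        } else if ((!guard || i > 0) && !BLOOM(mask, checked_at(s, n, i - 1))) {
            i -= m;
        }
    }
    return -1;
}

int main(void) {  /* constructed input: no match, so the scan reaches i = 0 */
    for (int g = 0; g < 2; g++) {
        long r = rfind_demo("zz", 2, "ab", 2, g);
        printf("guard=%d result=%ld oob_reads=%ld\n", g, r, last_oob_reads());
    }
    return 0;
}
```

Both forms return the same index on every input here; only the unguarded one registers a read before the start of the buffer, which is why the defect shows up under bounds checking and not in test results.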