[New-bugs-announce] [issue15930] buffer overrun in wcstombs_errorpos()
Christian Heimes
report at bugs.python.org
Wed Sep 12 14:37:02 CEST 2012
New submission from Christian Heimes:
Coverity has found a buffer overrun in wcstombs_errorpos() defined at
http://hg.python.org/cpython/file/25e41fdc4e60/Objects/unicodeobject.c#l3237
Message:
CID 719672: Out-of-bounds access (OVERRUN)At (2): Overrunning array "buf" of 2 4-byte elements by passing it to a function which accesses it at element index 15 (byte offset 60) using argument "16UL".
On a 64bit Linux system SIZE_OF_WCHAR_T is 4 and MB_LEN_MAX 16. In this constellation buf is 8 bytes long (wchar_t[2]) but outbuf has a size of 16 bytes. This causes a buffer overrun in wcstombs(outbuf, buf, sizeof(outbuf)).
----------
keywords: 3.3regression
messages: 170373
nosy: christian.heimes, haypo
priority: normal
severity: normal
status: open
title: buffer overrun in wcstombs_errorpos()
type: resource usage
versions: Python 3.3
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15930>
_______________________________________
More information about the New-bugs-announce
mailing list