[New-bugs-announce] [issue15930] buffer overrun in wcstombs_errorpos()

Christian Heimes report at bugs.python.org
Wed Sep 12 14:37:02 CEST 2012

New submission from Christian Heimes:

Coverity has found a buffer overrun in wcstombs_errorpos() defined at 

CID 719672: Out-of-bounds access (OVERRUN)At (2): Overrunning array "buf" of 2 4-byte elements by passing it to a function which accesses it at element index 15 (byte offset 60) using argument "16UL". 

On a 64bit Linux system SIZE_OF_WCHAR_T is 4 and MB_LEN_MAX 16. In this constellation buf is 8 bytes long (wchar_t[2]) but outbuf has a size of 16 bytes. This causes a buffer overrun in wcstombs(outbuf, buf, sizeof(outbuf)).

keywords: 3.3regression
messages: 170373
nosy: christian.heimes, haypo
priority: normal
severity: normal
status: open
title: buffer overrun in wcstombs_errorpos()
type: resource usage
versions: Python 3.3

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list