[Python-bugs-list] [ python-Bugs-485175 ] buffer overflow in traceback.c
noreply@sourceforge.net
noreply@sourceforge.net
Sat, 24 Nov 2001 12:37:24 -0800
Bugs item #485175, was opened at 2001-11-24 12:37
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=485175&group_id=5470
Category: Python Interpreter Core
Group: Python 2.2
Status: Open
Resolution: None
Priority: 5
Submitted By: Alex Martelli (aleax)
Assigned to: Nobody/Anonymous (nobody)
Summary: buffer overflow in traceback.c
Initial Comment:
Running this script:
name = 'prova'*200
fou = open('fatto.py','w')
print>>fou, 'def',name,'():\n return 1/0'
fou.close()
import fatto
print 'prima (%d)'%len(name)
funz = getattr(fatto, name)
try:
funz()
except:
print 'beccato'
raise
Python exits with a segfault. Cause: buffer overflow in traceback.c line 157, the only sprintf -- FMT (wrongly, I surmise) does not limit the number of characters it tries to write to linebuf from argument name, an unbounded-length string (the co_name).
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=485175&group_id=5470