[Python-bugs-list] [ python-Bugs-485175 ] buffer overflow in traceback.c
noreply@sourceforge.net
noreply@sourceforge.net
Tue, 27 Nov 2001 12:32:46 -0800
Bugs item #485175, was opened at 2001-11-24 12:37
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=485175&group_id=5470
Category: Python Interpreter Core
Group: Python 2.2
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Alex Martelli (aleax)
Assigned to: Tim Peters (tim_one)
Summary: buffer overflow in traceback.c
Initial Comment:
Running this script:
name = 'prova'*200
fou = open('fatto.py','w')
print>>fou, 'def',name,'():\n return 1/0'
fou.close()
import fatto
print 'prima (%d)'%len(name)
funz = getattr(fatto, name)
try:
funz()
except:
print 'beccato'
raise
Python exits with a segfault. Cause: buffer overflow in traceback.c line 157, the only sprintf -- FMT (wrongly, I surmise) does not limit the number of characters it tries to write to linebuf from argument name, an unbounded-length string (the co_name).
----------------------------------------------------------------------
>Comment By: Tim Peters (tim_one)
Date: 2001-11-27 12:32
Message:
Logged In: YES
user_id=31435
Fixed, in
Misc/ACKS; new revision: 1.138
Python/traceback.c; new revision: 2.35
The format now limits file and function names to 500 chars
each (and the size of the buffer was boosted accordingly).
----------------------------------------------------------------------
Comment By: Tim Peters (tim_one)
Date: 2001-11-27 12:13
Message:
Logged In: YES
user_id=31435
Reproduced the problem and assigned to me.
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=485175&group_id=5470