[ python-Bugs-1688393 ] sock.recvfrom(-24) crashes
SourceForge.net
noreply at sourceforge.net
Mon Mar 26 16:13:14 CEST 2007
Bugs item #1688393, was opened at 2007-03-27 00:13
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1688393&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Andrew Bennetts (spiv)
Assigned to: Nobody/Anonymous (nobody)
Summary: sock.recvfrom(-24) crashes
Initial Comment:
Actually sock.recvfrom(x) crashes or causes memory corruption for all values in -sizeof(PyStringObject) <= x < 0, I think.
This script demonstrates the problem:
import socket, sys
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind(('127.0.0.1', 9999))
s2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s2.sendto('fdsjkldsfkj', ('127.0.0.1', 9999))
print s1.recvfrom(-24)
Try e.g. -1 instead of -24 as well.
I'm attaching a patch that fixes this bug, and adds a simple test for it too.
Other sock_recv* functions in socketmodule.c seem to already catch negative recvlen values and raise ValueError, but for some reason recvfrom missed out.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1688393&group_id=5470
More information about the Python-bugs-list
mailing list