[issue2620] Multiple buffer overflows in unicode processing

Gregory P. Smith report at bugs.python.org
Mon Apr 14 05:12:44 CEST 2008


Gregory P. Smith <greg at krypto.org> added the comment:

Here's a patch that fixes this by making both Python's malloc and
realloc return NULL if (0 <= size <= PY_SSIZE_T_MAX).

A side effect of this is that strings on 32-bit platforms can no longer
be allocated up to 2**31-1 in length as the malloc includes the internal
Python object structure overhead.  The maximum string size becomes
2147483609 with an optimized build on this system.

I do not think that is a problem.  A 32-bit process by definition can
only ever have one such object allocated at a time anyways. ;)

Any objections?

Added file: http://bugs.python.org/file10027/issue2620-gps01-patch.txt

__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue2620>
__________________________________
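
The size arithmetic behind the message above, as an added example that is not the attached patch or any CPython code. It assumes a modelled 32-bit build; the helper names are hypothetical and the 38-byte overhead is only what the message's two figures imply.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: model a 32-bit build, so sizes are 32-bit values. */
#define MODEL_SSIZE_MAX ((uint32_t)INT32_MAX)          /* 2**31 - 1 */
/* Assumption: overhead implied by the message's figures,
   (2**31 - 1) - 2147483609 = 38 bytes. */
#define MODEL_OVERHEAD 38u

/* Range check applied to every request (hypothetical helper name). */
static int guard_accepts(uint32_t nbytes)
{
    return nbytes <= MODEL_SSIZE_MAX;
}

/* Hypothetical guarded allocator: out-of-range requests yield NULL. */
static void *guarded_malloc(uint32_t nbytes)
{
    return guard_accepts(nbytes) ? malloc(nbytes ? nbytes : 1) : NULL;
}

/* Request size for a `len`-byte string, in wrapping 32-bit arithmetic. */
static uint32_t request_size(uint32_t len)
{
    return MODEL_OVERHEAD + len;
}

/* Caller-side check: nonzero only if overhead + len cannot wrap or
   exceed the signed maximum. */
static int length_is_safe(uint32_t len)
{
    return len <= MODEL_SSIZE_MAX - MODEL_OVERHEAD;
}

int main(void)
{
    /* Constructed inputs: small, largest accepted, one past, negative. */
    uint32_t lens[] = { 16u, 2147483609u, 2147483610u, (uint32_t)-8 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        uint32_t req = request_size(lens[i]);
        printf("len=%lu request=%lu guard=%d caller_check=%d\n",
               (unsigned long)lens[i], (unsigned long)req,
               guard_accepts(req), length_is_safe(lens[i]));
    }
    void *p = guarded_malloc(64);        /* small request succeeds */
    free(p);
    return 0;
}
```

In this model the negative length wraps to a 30-byte request that passes the allocator's range check, so the caller-side length check is shown next to it.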

