[issue2620] Multiple buffer overflows in unicode processing

Gregory P. Smith report at bugs.python.org
Sun Jul 6 08:42:31 CEST 2008


Gregory P. Smith <greg at krypto.org> added the comment:

Here's an updated patch.  It makes the PyMem_NEW and PyMem_RESIZE macros
always do an explicit overflow check before doing the multiplication.

Uses of the macros have been cleaned up in the couple places I
noticed that would leak memory or corrupt their own state by replacing
the original pointer to their memory with NULL on error before raising
MemoryError.  This bug was already present in the existing code if
realloc ever returned NULL.

(IMHO PyMem_RESIZE & PyMem_Resize are poorly designed macros.  The
blind pointer assignment should never have been done within the macro. 
But given that it is exposed as an API and presumably used by third
party extension modules the broken API must be maintained.)

Added file: http://bugs.python.org/file10825/issue2620-gps02-patch.txt

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue2620>
_______________________________________
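
The two points in the message above (checking for overflow before the size multiplication, and not overwriting the caller's pointer when realloc fails), as an added C example. It is not code from the patch or from CPython; checked_new, checked_resize and demo_resize_keeps_buffer are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not CPython's PyMem_NEW): allocate n elements of
 * elem_size bytes, refusing requests whose byte count would wrap size_t. */
static void *checked_new(size_t n, size_t elem_size)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return NULL;                 /* n * elem_size would overflow */
    size_t bytes = n * elem_size;
    return malloc(bytes ? bytes : 1);
}

/* Hypothetical helper (not CPython's PyMem_RESIZE): resize *pp to n elements.
 * Returns 0 on success, -1 on failure. On failure *pp is left untouched, so
 * the caller still owns the old block and can free it or keep using it. */
static int checked_resize(void **pp, size_t n, size_t elem_size)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return -1;                   /* overflow: do not call realloc */
    size_t bytes = n * elem_size;
    void *tmp = realloc(*pp, bytes ? bytes : 1);
    if (tmp == NULL)
        return -1;                   /* old block is still valid in *pp */
    *pp = tmp;
    return 0;
}

/* Constructed demonstration: returns 1 if the buffer survives a rejected
 * resize with its pointer and contents intact, 0 otherwise. */
static int demo_resize_keeps_buffer(void)
{
    void *buf = checked_new(4, sizeof(uint32_t));
    if (buf == NULL)
        return 0;
    memset(buf, 0xAB, 4 * sizeof(uint32_t));
    void *before = buf;
    /* SIZE_MAX / 2 + 1 elements of 4 bytes wraps size_t; must be rejected. */
    int rc = checked_resize(&buf, SIZE_MAX / 2 + 1, sizeof(uint32_t));
    int ok = (rc == -1) && (buf == before) &&
             (((unsigned char *)buf)[15] == 0xAB);
    free(buf);
    return ok;
}

int main(void) { return demo_resize_keeps_buffer() ? 0 : 1; }
```
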

