[issue2589] PyOS_vsnprintf() potential integer overflow leads to memory corruption
Gregory P. Smith
report at bugs.python.org
Mon May 26 23:17:31 CEST 2008
Gregory P. Smith <greg at krypto.org> added the comment:
Fixed in trunk r63728.
There was a problem with the code on normal architectures as well.
The input was a size_t while the output was an int. So an integer
overflow could have happened going from the vsnprintf return value to
the integer since size_t is unsigned and int isn't (also when size_t is
a larger type than an int).
I don't think that would lead to memory corruption when using the
system's vsnprintf but it could have bad results if the caller expected
str to be null terminated properly.
I will backport this to release25-maint.
----------
priority: low -> normal
title: PyOS_vsnprintf() potential integer overflow leads to memory corruption on esoteric architectures -> PyOS_vsnprintf() potential integer overflow leads to memory corruption
__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue2589>
__________________________________
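The `size_t`-in, `int`-out mismatch described in the comment above, as an added C example (it is not the r63728 change and not CPython code). The wrapper names `checked_vsnprintf` and `checked_snprintf` and the `-1` error convention are assumptions made for illustration.

```c
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper, not CPython's PyOS_vsnprintf: the name and the
   -1 error convention are assumptions for this example.
   Capacity arrives as size_t, the result leaves as int. */
static int checked_vsnprintf(char *str, size_t size, const char *fmt, va_list ap)
{
    int len;

    if (str == NULL || size == 0)
        return -1;
    /* A capacity above INT_MAX cannot be compared with the int result
       without a lossy size_t -> int conversion, so refuse it up front. */
    if (size > (size_t)INT_MAX) {
        str[0] = '\0';
        return -1;
    }
    len = vsnprintf(str, size, fmt, ap);
    if (len < 0)
        str[0] = '\0';      /* formatting error: leave an empty string */
    /* Terminate unconditionally so a caller that treats str as a C string
       never reads past the buffer, whatever vsnprintf did on truncation. */
    str[size - 1] = '\0';
    return len;             /* would-be length; len >= (int)size means truncated */
}

static int checked_snprintf(char *str, size_t size, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = checked_vsnprintf(str, size, fmt, ap);
    va_end(ap);
    return len;
}

int main(void)
{
    char buf[8];
    int n = checked_snprintf(buf, sizeof buf, "%s", "0123456789");
    printf("len=%d stored=\"%s\" (%zu bytes)\n", n, buf, strlen(buf));
    /* Constructed case: the claimed capacity exceeds INT_MAX; rejected before formatting. */
    n = checked_snprintf(buf, (size_t)INT_MAX + 1, "%s", "abc");
    printf("oversized capacity -> %d\n", n);
    return 0;
}
```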