[issue23055] PyUnicode_FromFormatV crasher

Guido van Rossum report at bugs.python.org
Tue Dec 16 02:09:09 CET 2014


Guido van Rossum added the comment:

I'd be much worried about attack scenarios if this function was part of the standard library. But it's not -- the stdlib's % operator uses completely different code. The most common use case is probably to generate error messages from extension modules -- and there the format is almost always a literal in the C code. (An adversary who can load a C extension doesn't need this exploit.)

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23055>
_______________________________________

