[issue24823] ctypes.create_string_buffer does not add NUL if len(init) == size
Tom Pohl
report at bugs.python.org
Fri Aug 7 21:41:54 CEST 2015
Tom Pohl added the comment:
I agree: not every buffer is null-terminated.
But the function name suggests that it creates a _string_ buffer which will most likely be used as an input to a C function. There, it can easily trigger a buffer overflow without a null termination which can be considered a severe security risk.
----------
components: -Documentation
versions: -Python 2.7, Python 3.5, Python 3.6
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24823>
_______________________________________
More information about the Python-bugs-list
mailing list