[Python-Dev] [Python-checkins] cpython (merge 3.2 -> default): Fix out of bounds read in long_new() for empty bytes with an explicit base.
lists at cheimes.de
Wed Sep 12 17:40:55 CEST 2012
On 12.09.2012 16:22, Stefan Krah wrote:
> This is a false positive:
> Assumption: string == ""
> Call: PyLong_FromString("", NULL, (int)base);
> Now: str == ""
> Coverity claims an invalid access at str:
> if (str[0] == '0' &&
>     ((base == 16 && (str[1] == 'x' || str[1] == 'X')) ||
>      (base == 8 && (str[1] == 'o' || str[1] == 'O')) ||
>      (base == 2 && (str[1] == 'b' || str[1] == 'B'))))
> But str is never accessed due to shortcut evaluation.
> Coverity appears to have serious problems with shortcut evaluations in many
You might be right. But did you notice that there is much more code
beyond the large comment block in PyLong_FromString()? There might be
other code paths that push str beyond its limit.
My change adds an early opt out in an error case and doesn't cause a
performance degradation. I'd have no hard feelings if you'd prefer a
revert but I'd keep the modification as it causes no harm.
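
The short-circuit behaviour discussed in this thread, as an added example that is not code from CPython or from either poster: a hypothetical `checked_at()` accessor records the highest index read while a prefix test of the same shape runs on NUL-terminated input. The names `checked_at`, `prefix_len`, `highest_index_read` and `max_read` are assumptions made for this illustration, and the sample strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical instrumentation: highest index read so far, -1 if none. */
static long max_read = -1;

/* Read s[i] and remember the highest index touched. */
static char checked_at(const char *s, size_t i)
{
    if ((long)i > max_read)
        max_read = (long)i;
    return s[i];
}

/* Same shape as the prefix test quoted above: returns how many
 * characters a "0x"/"0o"/"0b" prefix occupies for the given base. */
static int prefix_len(const char *s, int base)
{
    if (checked_at(s, 0) == '0' &&
        ((base == 16 && (checked_at(s, 1) == 'x' || checked_at(s, 1) == 'X')) ||
         (base == 8  && (checked_at(s, 1) == 'o' || checked_at(s, 1) == 'O')) ||
         (base == 2  && (checked_at(s, 1) == 'b' || checked_at(s, 1) == 'B'))))
        return 2;
    return 0;
}

/* Run the test on s and report the highest index it read. */
static long highest_index_read(const char *s, int base)
{
    max_read = -1;
    (void)prefix_len(s, base);
    return max_read;
}

int main(void)
{
    const char *samples[] = { "", "0", "0x1f", "7" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("\"%s\" (len %zu): highest index read = %ld\n", samples[i],
               strlen(samples[i]), highest_index_read(samples[i], 16));
    return 0;
}
```

For the empty string only index 0, the terminator, is read. The result covers this one condition on a NUL-terminated buffer and says nothing about the code that follows it.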