Is python buffer overflow proof?

John Nagle nagle at animats.com
Tue Aug 4 07:06:06 CEST 2009


Gabriel Genellina wrote:
> On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden <sturlamolden at yahoo.no> 
> wrote:
> 
>> On 2 Aug, 15:50, Jizzai <jiz... at gmail.com> wrote:
>>
>>> Is a _pure_ python program buffer overflow proof?
>>>
>>> For example in C++ you can declare a char[9] to hold user input.
>>> If the user inputs 10+ chars a buffer overflow occurs.
>>
>> Short answer: NO

> I disagree. You've just translated the responsibility to check for 
> buffer overflows, from the Python VM, to the Java VM or the .Net runtime 
> (and all three suffered from buffer overruns and other problems in some 
> way or another). 

    A more useful question is whether the standard libraries are being
run through any of the commercial static checkers for possible buffer
overflows.

				John Nagle


