Is python buffer overflow proof?

John Nagle nagle at
Tue Aug 4 07:06:06 CEST 2009

Gabriel Genellina wrote:
> En Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden <sturlamolden at> 
> escribió:
>> On 2 Aug, 15:50, Jizzai <jiz... at> wrote:
>>> Is a _pure_ python program buffer overflow proof?
>>> For example in C++ you can declare a char[9] to hold user input.
>>> If the user inputs 10+ chars a buffer overflow occurs.
>> Short answer: NO

> I disagree. You've just translated the responsability to check for 
> buffer overflows, from the Python VM, to the Java VM or the .Net runtime 
> (and all three suffered from buffer overruns and other problems in some 
> way or another). 

    A more useful question is whether the standard libraries are being
run through any of the commercial static checkers for possible buffer

				John Nagle

More information about the Python-list mailing list