Is python buffer overflow proof?
John Nagle
nagle at animats.com
Tue Aug 4 01:06:06 EDT 2009
Gabriel Genellina wrote:
> On Mon, 03 Aug 2009 18:04:53 -0300, sturlamolden <sturlamolden at yahoo.no>
> wrote:
>
>> On 2 Aug, 15:50, Jizzai <jiz... at gmail.com> wrote:
>>
>>> Is a _pure_ python program buffer overflow proof?
>>>
>>> For example in C++ you can declare a char[9] to hold user input.
>>> If the user inputs 10+ chars a buffer overflow occurs.
>>
>> Short answer: NO
> I disagree. You've just translated the responsibility to check for
> buffer overflows, from the Python VM, to the Java VM or the .Net runtime
> (and all three suffered from buffer overruns and other problems in some
> way or another).
A more useful question is whether the standard libraries are being
run through any of the commercial static checkers for possible buffer
overflows.
John Nagle