Message170373
| Author |
christian.heimes |
| Recipients |
christian.heimes, vstinner |
| Date |
2012年09月12日.12:36:40 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1347453422.44.0.810518034926.issue15930@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Coverity has found a buffer overrun in wcstombs_errorpos() defined at
http://hg.python.org/cpython/file/25e41fdc4e60/Objects/unicodeobject.c#l3237
Message:
CID 719672: Out-of-bounds access (OVERRUN)At (2): Overrunning array "buf" of 2 4-byte elements by passing it to a function which accesses it at element index 15 (byte offset 60) using argument "16UL".
On a 64bit Linux system SIZE_OF_WCHAR_T is 4 and MB_LEN_MAX 16. In this constellation buf is 8 bytes long (wchar_t[2]) but outbuf has a size of 16 bytes. This causes a buffer overrun in wcstombs(outbuf, buf, sizeof(outbuf)). |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2012年09月12日 12:37:02 | christian.heimes | set | recipients:
+ christian.heimes, vstinner |
| 2012年09月12日 12:37:02 | christian.heimes | set | messageid: <1347453422.44.0.810518034926.issue15930@psf.upfronthosting.co.za> |
| 2012年09月12日 12:36:41 | christian.heimes | link | issue15930 messages |
| 2012年09月12日 12:36:40 | christian.heimes | create |
|