Message 277427 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	christian.heimes
Recipients	Andrey Wagin, benjamin.peterson, berker.peksag, christian.heimes, martin.panter
Date	2016年09月26日.14:59:57
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1474901997.61.0.0701696620248.issue24933@psf.upfronthosting.co.za>

Content
MSG_TRUNC literally causes a buffer overflow. In the example sock_recv() and friends only allocate a buffer of size 1 on the heap. With MSG_TRUNC recv() ignores the maximum size and writes beyond the buffer. We cannot recover from a buffer overflow because the overflow might have damanged other data structures. Instead Python should detect the problem and forcefully abort() the process with Py_FatalError().

Content

MSG_TRUNC literally causes a buffer overflow. In the example sock_recv() and friends only allocate a buffer of size 1 on the heap. With MSG_TRUNC recv() ignores the maximum size and writes beyond the buffer. We cannot recover from a buffer overflow because the overflow might have damanged other data structures. Instead Python should detect the problem and forcefully abort() the process with Py_FatalError().

History
Date	User	Action	Args
2016年09月26日 14:59:57	christian.heimes	set	recipients: + christian.heimes, benjamin.peterson, berker.peksag, martin.panter, Andrey Wagin
2016年09月26日 14:59:57	christian.heimes	set	messageid: <1474901997.61.0.0701696620248.issue24933@psf.upfronthosting.co.za>
2016年09月26日 14:59:57	christian.heimes	link	issue24933 messages
2016年09月26日 14:59:57	christian.heimes	create

homepage