This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
| Author | jnferguson |
|---|---|
| Recipients | jnferguson |
| Date | 2008年04月08日.15:55:08 |
| SpamBayes Score | 0.18597141 |
| Marked as misclassified | No |
| Message-id | <1207670110.11.0.605807538943.issue2588@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
The PyOS_vsnprintf() contains the caveat that the length parameter
cannot be zero, however this is only enforced via assert() which is
compiled out. As a result if the length parameter is zero then the
function will underflow and write a null byte to invalid memory.
53 int
54 PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va)
55 {
56 int len; /* # bytes written, excluding 0円 */
57 #ifndef HAVE_SNPRINTF
58 char *buffer;
59 #endif
60 assert(str != NULL);
61 assert(size > 0);
62 assert(format != NULL);
[...]
65 len = vsnprintf(str, size, format, va);
[...]
91 str[size-1] = '0円';
92 return len;
93 } |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2008年04月08日 15:55:10 | jnferguson | set | spambayes_score: 0.185971 -> 0.18597141 recipients: + jnferguson |
| 2008年04月08日 15:55:10 | jnferguson | set | spambayes_score: 0.185971 -> 0.185971 messageid: <1207670110.11.0.605807538943.issue2588@psf.upfronthosting.co.za> |
| 2008年04月08日 15:55:09 | jnferguson | link | issue2588 messages |
| 2008年04月08日 15:55:08 | jnferguson | create | |