Message 78312 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	vstinner
Recipients	ebfe, pitrou, vstinner
Date	2008年12月26日.22:32:36
SpamBayes Score	1.2400083e-05
Marked as misclassified	No
Message-id	<1230330757.97.0.710407230501.issue4751@psf.upfronthosting.co.za>

Content
If view.len is negative, EVP_hash() may read invalid memory :-/ Be careful of integer overflow in this block: Py_ssize_t offset = 0, sublen = len; while (sublen) { unsigned int process = sublen > MUNCH_SIZE ? MUNCH_SIZE : sublen; ... } You removed Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int) which should be used (eg. on process?). Note: you might modify len directly instead of using a second variable (sublen), and cp instead of using an offset.

Content

If view.len is negative, EVP_hash() may read invalid memory :-/ Be 
careful of integer overflow in this block:
 Py_ssize_t offset = 0, sublen = len;
 while (sublen) {
 unsigned int process = sublen > MUNCH_SIZE ? MUNCH_SIZE : 
sublen;
 ...
 }
You removed Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int) which 
should be used (eg. on process?).
Note: you might modify len directly instead of using a second variable 
(sublen), and cp instead of using an offset.

History
Date	User	Action	Args
2008年12月26日 22:32:38	vstinner	set	recipients: + vstinner, pitrou, ebfe
2008年12月26日 22:32:37	vstinner	set	messageid: <1230330757.97.0.710407230501.issue4751@psf.upfronthosting.co.za>
2008年12月26日 22:32:37	vstinner	link	issue4751 messages
2008年12月26日 22:32:36	vstinner	create

homepage