Message 168643 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	skrah
Recipients	skrah
Date	2012-08-20.09:55:08
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1345456530.94.0.929465650961.issue15736@psf.upfronthosting.co.za>
In-reply-to

Content
A Py_ssize_t overflow can be constructed in _PySequence_BytesToCharpArray(). Patch attached. Demonstration (requires revision >= 2af78f8a98e1): Python 3.3.0b2+ (default:2af78f8a98e1, Aug 20 2012, 11:38:54) [GCC 4.4.3] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import sys, _posixsubprocess [65851 refs] >>> class Z(object): ... def __len__(self): ... return sys.maxsize ... def __getitem__(self, i): ... return b'x' ... [65923 refs] >>> _posixsubprocess.fork_exec(1,Z(),3,[1, 2],5,6,7,8,9,10,11,12,13,14,15,16,17) Segmentation fault

A Py_ssize_t overflow can be constructed in _PySequence_BytesToCharpArray().
Patch attached.


Demonstration (requires revision >= 2af78f8a98e1):

Python 3.3.0b2+ (default:2af78f8a98e1, Aug 20 2012, 11:38:54)
[GCC 4.4.3] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys, _posixsubprocess
[65851 refs]
>>> class Z(object):
...     def __len__(self):
...         return sys.maxsize
...     def __getitem__(self, i):
...         return b'x'
...
[65923 refs]
>>> _posixsubprocess.fork_exec(1,Z(),3,[1, 2],5,6,7,8,9,10,11,12,13,14,15,16,17)
Segmentation fault

History
Date	User	Action	Args
2012-08-20 09:55:31	skrah	set	recipients: + skrah
2012-08-20 09:55:30	skrah	set	messageid: <1345456530.94.0.929465650961.issue15736@psf.upfronthosting.co.za>
2012-08-20 09:55:09	skrah	link	issue15736 messages
2012-08-20 09:55:09	skrah	create