Message168643
A Py_ssize_t overflow can be constructed in _PySequence_BytesToCharpArray().
Patch attached.
Demonstration (requires revision >= 2af78f8a98e1):
Python 3.3.0b2+ (default:2af78f8a98e1, Aug 20 2012, 11:38:54)
[GCC 4.4.3] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys, _posixsubprocess
[65851 refs]
>>> class Z(object):
... def __len__(self):
... return sys.maxsize
... def __getitem__(self, i):
... return b'x'
...
[65923 refs]
>>> _posixsubprocess.fork_exec(1,Z(),3,[1, 2],5,6,7,8,9,10,11,12,13,14,15,16,17)
Segmentation fault |
|
Date |
User |
Action |
Args |
2012-08-20 09:55:31 | skrah | set | recipients:
+ skrah |
2012-08-20 09:55:30 | skrah | set | messageid: <1345456530.94.0.929465650961.issue15736@psf.upfronthosting.co.za> |
2012-08-20 09:55:09 | skrah | link | issue15736 messages |
2012-08-20 09:55:09 | skrah | create | |
|