Message229455
Crashes python 3.4.1.
# Objects\unicodeobject.c
#
# static PyObject *
# case_operation(PyObject *self,
# Py_ssize_t (*perform)(int, void *, Py_ssize_t, Py_UCS4 *, Py_UCS4 *))
# {
# PyObject *res = NULL;
# Py_ssize_t length, newlength = 0;
# int kind, outkind;
# (...)
# 1 length = PyUnicode_GET_LENGTH(self);
# 2 tmp = PyMem_MALLOC(sizeof(Py_UCS4) * 3 * length);
# (...)
# 3 newlength = perform(kind, data, length, tmp, &maxchar);
#
# 1. there are no safety checks
# 2. 12*length overflows
# 3. perform() writes to tmp buffer, which is too small to hold the result |
|
Date |
User |
Action |
Args |
2014-10-15 14:50:30 | pkt | set | recipients:
+ pkt |
2014-10-15 14:50:30 | pkt | set | messageid: <1413384630.17.0.213972312804.issue22643@psf.upfronthosting.co.za> |
2014-10-15 14:50:30 | pkt | link | issue22643 messages |
2014-10-15 14:50:30 | pkt | create | |
|