Message254077
Going through the commits for Issue 22896, I noticed compile(), eval() and exec() also suffer from a similar flaw. They check strlen(buffer) but the buffer may not be null-terminated:
>>> eval(memoryview(b"1234")[1:3])
TypeError: source code string cannot contain null bytes |
|
Date |
User |
Action |
Args |
2015-11-05 00:01:01 | martin.panter | set | recipients:
+ martin.panter, mark.dickinson, eric.smith, serhiy.storchaka, JohnLeitch |
2015-11-05 00:01:01 | martin.panter | set | messageid: <1446681661.85.0.468887433018.issue24802@psf.upfronthosting.co.za> |
2015-11-05 00:01:01 | martin.panter | link | issue24802 messages |
2015-11-05 00:01:01 | martin.panter | create | |
|