This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author eryksun
Recipients eryksun, martin.panter, serhiy.storchaka, svenberkvens
Date 2015-11-20.11:11:46
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1448017907.17.0.608997461396.issue25678@psf.upfronthosting.co.za>
In-reply-to
Content 
> Now we have an example, and can backport that patch.

More seriously it's possible to get a buffer over-read using NumPy:

    >>> import numpy
    >>> int(buffer(numpy.array('123', dtype='c')))
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
     ValueError: invalid literal for int() with base 10: '123\xe1\x18\x7f'

I backported the modification to PyNumber_Int and PyNumber_Long, using PyString_FromStringAndSize and PyString_AS_STRING. It works as expected:

    Python 2.7.10+ (2.7:5d88c1d413b9+, Nov 20 2015, 04:58:55) 
    [GCC 4.8.4] on linux2
    Type "help", "copyright", "credits" or "license" for more 
    information.
    >>> int(buffer('123test', 1, 2))
    23
    [41951 refs]
    >>> long(buffer('123test', 1, 2))
    23L
    [41952 refs]
History
Date User Action Args
2015-11-20 11:11:47eryksunsetrecipients: + eryksun, svenberkvens, martin.panter, serhiy.storchaka
2015-11-20 11:11:47eryksunsetmessageid: <1448017907.17.0.608997461396.issue25678@psf.upfronthosting.co.za>
2015-11-20 11:11:47eryksunlinkissue25678 messages
2015-11-20 11:11:46eryksuncreate