
Author belopolsky
Recipients alexandre.vassalotti, belopolsky
Date 2008-03-07.18:43:13
Message-id <1204915395.68.0.838343903686.issue1950@psf.upfronthosting.co.za>
In-reply-to
Content
Your description of the patch is a bit misleading.  As far as I can tell
only the first chunk (Python/import.c changes) addresses a potential
buffer overflow.  For example the last chunk (Modules/posixmodule.c
changes) simply eliminates an unused variable.  While a worthwhile
change, it should not be bundled with what is potentially a security patch.

I have a few suggestions:

1. It will really help if you produce a test case that crashes the
interpreter.  I am sure that will get noticed.

2. If any of the buffer overflows apply to the current production versions
(2.4 or 2.5) or even the alpha release (2.6a1), it would make sense to
backport it to the trunk.  Once again, security issues in the trunk will
get noticed much faster than in the py3k branch.