classification
Title: Fix for bug PR#341 (string formatting overflow)
Components: None
process
Status: closed
Assigned To: lemburg
Nosy List: gvanrossum, lemburg, tmick
Priority: normal
Keywords: patch

Created on 2000-06-07 02:38 by tmick, last changed 2022-04-10 16:02 by admin. This issue is now closed.

Files
File name: None
Uploaded: tmick, 2000-06-07 02:38
Description: None
Messages (6)
msg32692 - Author: Trent Mick (tmick) (Python triager) Date: 2000-06-07 02:38
 
msg32693 - Author: Guido van Rossum (gvanrossum) * (Python committer) Date: 2000-06-27 14:43
Marc-Andre, please review this.
msg32694 - Author: Trent Mick (tmick) (Python triager) Date: 2000-06-07 02:39
I confirm that, to the best of my knowledge and belief, this
contribution is free of any claims of third parties under
copyright, patent or other rights or interests ("claims").  To
the extent that I have any such claims, I hereby grant to CNRI a
nonexclusive, irrevocable, royalty-free, worldwide license to
reproduce, distribute, perform and/or display publicly, prepare
derivative versions, and otherwise use this contribution as part
of the Python software and its related documentation, or any
derivative versions thereof, at no cost to CNRI or its licensed
users, and to authorize others to do so.

I acknowledge that CNRI may, at its sole discretion, decide
whether or not to incorporate this contribution in the Python
software and its related documentation.  I further grant CNRI
permission to use my name and other identifying information
provided to CNRI by me for use in connection with the Python
software and its related documentation.
msg32695 - Author: Trent Mick (tmick) (Python triager) Date: 2000-06-07 02:40
This patch fixes the string formatting overflow problem. It tries to do a
little better than MAL's magic number (50) check.


[Tim P on MAL's original patch]
> but I'll join Fred in objecting to the code
> it's mimicking:  not only do magic numbers suck, but these particular magic
> numbers implicitly rely on PyString_Format's tmpbuf vector being declared of
> another magical size larger than them.  As usual, flaky code gets flakier.

My patch still uses the magic number for the temporary buffer. This seems to me
a good practical limit. With the patch this buffer can no longer overflow (as
well, it is faster than malloc'ing a perfect sized buffer every time).

[MAL]
> A redesign would, of course, use a malloced buffer, the n-variants
> of printf() and add long support ;-) ... maybe for 1.7.

No long support in this patch :(

[Guido on MAL's original patch]
> Having read the patch and the discussion about magic numbers, I agree
> with Marc-Andre: let's apply the quick fix now, worry about
> correctness later.

Maybe this patch is preferable.
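
An added illustration (not the patch attached to this issue and not code from the Python source) of the two approaches discussed in the message above: a fixed temporary buffer whose limit is derived from the buffer itself rather than from a separate magic number, with the n-variant of printf() as a backstop. The name `format_int_bounded` and the 120-byte `TMPBUF_SIZE` are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for this illustration; not taken from the Python source. */
#define TMPBUF_SIZE 120

/* Hypothetical helper: format `value` as "%<width>.<prec>ld" through a
 * fixed temporary buffer. width and prec are treated as untrusted (they
 * would come from a caller-supplied format string). Returns the number of
 * characters written to `out`, or -1 if the request is rejected. */
int format_int_bounded(char *out, size_t outsize, int width, int prec, long value)
{
    char tmpbuf[TMPBUF_SIZE];
    int n;

    if (out == NULL || width < 0 || prec < 0)
        return -1;

    /* Pre-check: the limit is derived from the buffer, so resizing tmpbuf
     * cannot silently invalidate it the way a separate constant can.
     * One byte is reserved for the NUL and one for a sign before prec digits. */
    if ((size_t)width > sizeof(tmpbuf) - 1 || (size_t)prec > sizeof(tmpbuf) - 2)
        return -1;

    /* Backstop: the n-variant never writes past sizeof(tmpbuf); a return
     * value >= the size means the output was truncated. */
    n = snprintf(tmpbuf, sizeof(tmpbuf), "%*.*ld", width, prec, value);
    if (n < 0 || (size_t)n >= sizeof(tmpbuf) || (size_t)n >= outsize)
        return -1;

    memcpy(out, tmpbuf, (size_t)n + 1);   /* includes the terminating NUL */
    return n;
}

int main(void)
{
    char buf[128];
    /* Constructed inputs: one ordinary request, one oversized precision. */
    printf("%d\n", format_int_bounded(buf, sizeof(buf), 10, 5, -42L));
    printf("%d\n", format_int_bounded(buf, sizeof(buf), 0, 500, 7L));
    return 0;
}
```
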
msg32696 - Author: Marc-Andre Lemburg (lemburg) * (Python committer) Date: 2000-06-28 17:46
Ok, I'll look into this by the end of the week.
msg32697 - Author: Marc-Andre Lemburg (lemburg) * (Python committer) Date: 2000-06-30 10:30
Checked in.
History
Date User Action Args
2022-04-10 16:02:00 admin set github: 32430
2000-06-07 02:38:53 tmick create