Message104149
In Objects/stringlib/fastsearch.h the lines:
if (!STRINGLIB_BLOOM(mask, s[i-1]))
and
if (!STRINGLIB_BLOOM(mask, s[i-1]))
can read beyond the front of the array that is passed to it when the loop enters with i = 0.
I originally noticed this when porting the algorithm to PyPy (which has bounds checking :)), all tests pass if I simple add `if i-1 >= 0` before the conditional. This doesn't appear to actually cause the algorithm to ever break, but it is unsafe. |
|
Date |
User |
Action |
Args |
2010-04-25 18:05:11 | alex | set | recipients:
+ alex |
2010-04-25 18:05:11 | alex | set | messageid: <1272218711.28.0.946765845832.issue8530@psf.upfronthosting.co.za> |
2010-04-25 18:05:09 | alex | link | issue8530 messages |
2010-04-25 18:05:09 | alex | create | |
|