Message250040
I wasn't able to repro the crash at all, even with the debugging flags that make this sort of issue more prominent. It relies on a very precise layout of multiple objects in memory, or possibly a specific sequence of allocations/deallocations, as well as a format string ending in an unescaped '%' or (on Windows) '%#'.
It's still obviously an issue though - we should have the check for '\0' there by any reasonable analysis of the code, or else should not be adding 2 to the pointer to start the next step of the search.

| Date | User | Action | Args |
|---|---|---|---|
| 2015-09-07 03:06:03 | steve.dower | set | recipients: + steve.dower, lemburg, georg.brandl, paul.moore, belopolsky, vstinner, larry, tim.golden, BreamoreBoy, python-dev, zach.ware, eryksun, JohnLeitch, brycedarling |
| 2015-09-07 03:06:03 | steve.dower | set | messageid: <1441595163.23.0.601843048458.issue24917@psf.upfronthosting.co.za> |
| 2015-09-07 03:06:03 | steve.dower | link | issue24917 messages |
| 2015-09-07 03:06:02 | steve.dower | create | |
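
The following is an added example illustrating the check discussed in the message above; it is not CPython's code and not part of the original message. The function names and the `allow_hash` parameter are assumptions made for illustration: one function models the unchecked "add 2 after '%'" step without performing the out-of-bounds read, the other scans the format with the '\0' check in place.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the unchecked scan: after each '%' the search
 * resumes 2 characters later. Returns 1 if that resume position lies past
 * the terminator. Indices are compared against the length, so the model
 * never reads out of bounds itself. */
static int naive_scan_overruns(const char *fmt)
{
    size_t len = strlen(fmt);
    size_t i = 0;
    while (i < len) {
        if (fmt[i] == '%') {
            i += 2;                 /* the "adding 2 to the pointer" step */
            if (i > len)
                return 1;           /* next search would start past '\0' */
        } else {
            i++;
        }
    }
    return 0;
}

/* Hypothetical checked scan: returns 0 if every '%' is followed by a
 * directive character, -1 if the format ends in a bare '%' or, when
 * allow_hash is nonzero (the Windows "%#" form), in "%#". */
static int check_format(const char *fmt, int allow_hash)
{
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        const char *spec = p + 1;   /* character after '%' */
        if (allow_hash && *spec == '#')
            spec++;                 /* skip the '#' flag */
        if (*spec == '\0')
            return -1;              /* the check for '\0' */
        p = spec + 1;               /* safe: spec is not the terminator */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample format strings. */
    const char *samples[] = { "%Y-%m-%d", "100%%", "abc%", "%#" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s naive_overrun=%d checked=%d\n", samples[i],
               naive_scan_overruns(samples[i]), check_format(samples[i], 1));
    return 0;
}
```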