This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author steve.dower
Recipients BreamoreBoy, JohnLeitch, belopolsky, brycedarling, eryksun, georg.brandl, larry, lemburg, paul.moore, python-dev, steve.dower, tim.golden, vstinner, zach.ware
Date 2015-09-07.03:06:02
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1441595163.23.0.601843048458.issue24917@psf.upfronthosting.co.za>
In-reply-to
Content 
I wasn't able to repro the crash at all, even with the debugging flags that make this sort of issue more prominent. It relies on a very precise layout of multiple objects in memory, or possibly a specific sequence of allocations/deallocations, as well as a format string ending in an unescaped '%' or (on Windows) '%#'.

It's still obviously an issue though - we should have the check for '\0' there by any reasonably analysis of the code, or else should not be adding 2 to the pointer to start the next step of the search.
History
Date User Action Args
2015-09-07 03:06:03steve.dowersetrecipients: + steve.dower, lemburg, georg.brandl, paul.moore, belopolsky, vstinner, larry, tim.golden, BreamoreBoy, python-dev, zach.ware, eryksun, JohnLeitch, brycedarling
2015-09-07 03:06:03steve.dowersetmessageid: <1441595163.23.0.601843048458.issue24917@psf.upfronthosting.co.za>
2015-09-07 03:06:03steve.dowerlinkissue24917 messages
2015-09-07 03:06:02steve.dowercreate