Message32695
This patch fixes the string formatting overflow problem. It tries to do a
little better than MAL's magic number (50) check.
[Tim P on MAL's original patch]
> but I'll join Fred in objecting to the code
> it's mimicking: not only do magic numbers suck, but these particular magic
> numbers implicitly rely on PyString_Format's tmpbuf vector being declared of
> another magical size larger than them. As usual, flaky code gets flakier.
My patch still uses the magic number for the temporary buffer. This seems to me
a good practical limit. With the patch this buffer can no longer overflow (as
well, it is faster than malloc'ing a perfect sized buffer every time).
[MAL]
> A redesign would, of course, use a malloced buffer, the n-variants
> of printf() and add long support ;-) ... maybe for 1.7.
No long support in this patch :(
[Guido on MAL's original patch]
> Having read the patch and the discussion about magic numbers, I agree
> with Marc-Andre: let's apply the quick fix now, worry about
> correctness later.
Maybe this patch is preferable.
|
|
Date |
User |
Action |
Args |
2007-08-23 14:59:26 | admin | link | issue400507 messages |
2007-08-23 14:59:26 | admin | create | |
|