Author vstinner
Recipients Arfrever, cheryl.sabella, maker, neologix, pitrou, vstinner
Date 2019-04-17.17:00:09
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1555520409.92.0.230450355101.issue18564@roundup.psfhosted.org>
In-reply-to
Content
> In Modules/socketmodule.c , the bluetooth address supplied is vulnerable to integer overflow.

Attached PR 12864 modifies the following code:


  unsigned int b0, b1, b2, b3, b4, b5;
  char ch;
  int n;
  n = sscanf(name, "%X:%X:%X:%X:%X:%X%c", &b5, &b4, &b3, &b2, &b1, &b0, &ch);

Can someone please elaborate how this code can trigger an integer overflow? What is the consequence of an integer overflow? Does Python crash?
History
Date User Action Args
2019-04-17 17:00:09vstinnersetrecipients: + vstinner, pitrou, Arfrever, neologix, maker, cheryl.sabella
2019-04-17 17:00:09vstinnersetmessageid: <1555520409.92.0.230450355101.issue18564@roundup.psfhosted.org>
2019-04-17 17:00:09vstinnerlinkissue18564 messages
2019-04-17 17:00:09vstinnercreate