Message 97566 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	vstinner
Date	2010-01-11.01:05:03
SpamBayes Score	5.403982e-10
Marked as misclassified	No
Message-id	<1263171957.43.0.71285781195.issue7673@psf.upfronthosting.co.za>
In-reply-to

Content
Most functions of audioop takes as input a byte string (audio data) and a size argument (number of bytes of a sample). Functions don't check that the byte string length is a multiple of the size. It leads to read and write from/to uninitialised memory and might crash. Example on writing into uninitilized memory: $ python -c "import audioop; audioop.reverse('X', 2)" Fatal Python error: Inconsistent interned string state. Abandon It allocates a string of 1 byte and write 2 bytes into this string => memory corruption. Attached patch creates audioop_check_size() and audioop_check_parameters() functions.

Most functions of audioop takes as input a byte string (audio data) and a size argument (number of bytes of a sample). Functions don't check that the byte string length is a multiple of the size. It leads to read and write from/to uninitialised memory and might crash.

Example on writing into uninitilized memory:

    $ python -c "import audioop; audioop.reverse('X', 2)"
    Fatal Python error: Inconsistent interned string state.
    Abandon

It allocates a string of 1 byte and write 2 bytes into this string => memory corruption.

Attached patch creates audioop_check_size() and audioop_check_parameters() functions.

History
Date	User	Action	Args
2010-01-11 01:05:59	vstinner	set	recipients: + vstinner
2010-01-11 01:05:57	vstinner	set	messageid: <1263171957.43.0.71285781195.issue7673@psf.upfronthosting.co.za>
2010-01-11 01:05:55	vstinner	link	issue7673 messages
2010-01-11 01:05:55	vstinner	create