This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients vstinner
Date 2010-01-11.01:05:03
SpamBayes Score 5.403982e-10
Marked as misclassified No
Message-id <1263171957.43.0.71285781195.issue7673@psf.upfronthosting.co.za>
In-reply-to
Content
Most functions of audioop takes as input a byte string (audio data) and a size argument (number of bytes of a sample). Functions don't check that the byte string length is a multiple of the size. It leads to read and write from/to uninitialised memory and might crash.

Example on writing into uninitilized memory:

    $ python -c "import audioop; audioop.reverse('X', 2)"
    Fatal Python error: Inconsistent interned string state.
    Abandon

It allocates a string of 1 byte and write 2 bytes into this string => memory corruption.

Attached patch creates audioop_check_size() and audioop_check_parameters() functions.
History
Date User Action Args
2010-01-11 01:05:59vstinnersetrecipients: + vstinner
2010-01-11 01:05:57vstinnersetmessageid: <1263171957.43.0.71285781195.issue7673@psf.upfronthosting.co.za>
2010-01-11 01:05:55vstinnerlinkissue7673 messages
2010-01-11 01:05:55vstinnercreate