Message97566
Most functions of audioop takes as input a byte string (audio data) and a size argument (number of bytes of a sample). Functions don't check that the byte string length is a multiple of the size. It leads to read and write from/to uninitialised memory and might crash.
Example on writing into uninitilized memory:
$ python -c "import audioop; audioop.reverse('X', 2)"
Fatal Python error: Inconsistent interned string state.
Abandon
It allocates a string of 1 byte and write 2 bytes into this string => memory corruption.
Attached patch creates audioop_check_size() and audioop_check_parameters() functions. |
|
Date |
User |
Action |
Args |
2010-01-11 01:05:59 | vstinner | set | recipients:
+ vstinner |
2010-01-11 01:05:57 | vstinner | set | messageid: <1263171957.43.0.71285781195.issue7673@psf.upfronthosting.co.za> |
2010-01-11 01:05:55 | vstinner | link | issue7673 messages |
2010-01-11 01:05:55 | vstinner | create | |
|