Bugs item #1688393, was opened at 2007-03-26 11:13
Message generated for change (Comment added) made by facundobatista
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1688393&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Andrew Bennetts (spiv)
>Assigned to: Facundo Batista (facundobatista)
Summary: sock.recvfrom(-24) crashes
Initial Comment:
Actually sock.recvfrom(x) crashes or causes memory corruption for all values in
-sizeof(PyStringObject) <= x < 0, I think.
This script demonstrates the problem:
import socket, sys
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind(('127.0.0.1', 9999))
s2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s2.sendto('fdsjkldsfkj', ('127.0.0.1', 9999))
print s1.recvfrom(-24)
Try e.g. -1 instead of -24 as well.
I'm attaching a patch that fixes this bug, and adds a simple test for it too.
Other sock_recv* functions in socketmodule.c seem to already catch negative
recvlen values and raise ValueError, but for some reason recvfrom missed out.
----------------------------------------------------------------------
>Comment By: Facundo Batista (facundobatista)
Date: 2007-03-28 00:46
Message:
Logged In: YES
user_id=752496
Originator: NO
Applied this to the trunk, let's see if we should backport it to 2.5.x
before close this bug.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1688393&group_id=5470
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
