New submission from Christian Heimes: Coverity has found a buffer overrun in wcstombs_errorpos() defined at http://hg.python.org/cpython/file/25e41fdc4e60/Objects/unicodeobject.c#l3237
Message: CID 719672: Out-of-bounds access (OVERRUN)At (2): Overrunning array "buf" of 2 4-byte elements by passing it to a function which accesses it at element index 15 (byte offset 60) using argument "16UL". On a 64bit Linux system SIZE_OF_WCHAR_T is 4 and MB_LEN_MAX 16. In this constellation buf is 8 bytes long (wchar_t[2]) but outbuf has a size of 16 bytes. This causes a buffer overrun in wcstombs(outbuf, buf, sizeof(outbuf)). ---------- keywords: 3.3regression messages: 170373 nosy: christian.heimes, haypo priority: normal severity: normal status: open title: buffer overrun in wcstombs_errorpos() type: resource usage versions: Python 3.3 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15930> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
