New submission from Petru-Florin Mihancea <[email protected]>:
While experimenting with a CodeSonar plugin we develop, we noticed a potential
bug in file "cpython/Objects/sliceobject.c" line 116 function
PySlice_GetIndices.
if (r->start == Py_None) {
*start = *step < 0 ? length-1 : 0;
} else {
if (!PyInt_Check(r->start) && !PyLong_Check(r->step)) return -1;//HERE
*start = PyInt_AsSsize_t(r->start);
if (*start < 0) *start += length;
}
Shouldn't start field of r be used in the second check (instead of step)?
In a related potential issue, in line 123, shouldn't r->stop be checked in the
second verification?
Thanks,
Petru Florin Mihancea
----------
messages: 322394
nosy: [email protected]
priority: normal
severity: normal
status: open
title: Possible access to unintended variable in
"cpython/Objects/sliceobject.c" line 116
versions: Python 2.7
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue34229>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
