STINNER Victor <vstin...@redhat.com> added the comment:
> _testcapimodule.c is mostly imported as _testcapi in tests. I am not sure > this is a security issue. The function triggers a memory overflow on purpose. Handling memory allocation failure is the least of your problem if you call this function :-) The whole module is designed to testing purpose only. "_" prefix in "_testapi" means that it must not be used. It's not documented on purpose. Attached PR fix the bug. ---------- components: +Tests title: Potential null pointer de-reference vulnerability -> _testcapi.pymem_buffer_overflow() doesn't handle memory allocation failure type: security -> versions: +Python 3.7, Python 3.8 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue36436> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com