gumpy <[EMAIL PROTECTED]> added the comment:
It turns out the problems in array are more serious than I thought and
allow writing to unallocated memory through a memoryview leading to
memory corruption, segfaults and possibly exploits. The following
example extends an array enough to trigger a realloc of the array's buffer.
Python 3.0 (r30:67503, Dec 4 2008, 13:30:57)
[GCC 4.2.4 (Ubuntu 4.2.4-1ubuntu3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from array import array
>>> a = array('i', range(16))
>>> m = memoryview(a)
>>> a.extend(array('i', range(48))
... )
>>> m[:] = array('i', [0] * (len(m) // m.itemsize))
*** glibc detected *** python3.0: corrupted double-linked list:
0x0822c1f8 ***
_______________________________________
Python tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue4509>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
