On Mon, 03 Aug 2009 14:04:53 -0700, sturlamolden wrote: > On 2 Aug, 15:50, Jizzai <jiz...@gmail.com> wrote: > >> Is a _pure_ python program buffer overflow proof? >> >> For example in C++ you can declare a char[9] to hold user input. If the >> user inputs 10+ chars a buffer overflow occurs. > > Short answer: NO > > Bounds checking on sequence types is a protection against buffer > overflow, but is certainly not sufficient. > > The Python interpreter is written in C. Python extension modules are > written in C (or something similar). If you find an unprotected buffer > in this C code, you can possibly overflow this buffer.
How are C extension modules "_pure_ python"? -- Steven -- http://mail.python.org/mailman/listinfo/python-list
