[Bug 56633] Re: buffer overrun in repr() for unicode strings
** Bug 64639 has been marked a duplicate of this bug

--
buffer overrun in repr() for unicode strings
https://launchpad.net/bugs/56633
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 56633] Re: buffer overrun in repr() for unicode strings
http://www.ubuntu.com/usn/usn-359-1

python2.3/edgy has recently been fixed as well. Thank you!

** Changed in: python2.4 (Ubuntu Dapper)
       Status: In Progress => Fix Released
Re: [Bug 56633] Re: buffer overrun in repr() for unicode strings
btw, i can confirm that this fix has been applied in edgy on the following python interpreters:

python2.4 2.4.3-8ubuntu2
python2.5 2.5-0ubuntu1

however it's still broken in the following edgy python:

python2.3 2.3.5-15ubuntu1

and in dapper it's broken too, at least in the version i have installed:

python2.4 2.4.2-0ubuntu3

On Tue, 2006-10-03 at 01:54 +, Kees Cook wrote:
> I've got debdiffs built, and will be sending to pitti shortly.
[Bug 56633] Re: buffer overrun in repr() for unicode strings
I've got debdiffs built, and will be sending to pitti shortly.
[Bug 56633] Re: buffer overrun in repr() for unicode strings
Upstream 2.4 patch:
http://svn.python.org/view/python/branches/release24-maint/Objects/unicodeobject.c?p2=%2Fpython%2Fbranches%2Frelease24-maint%2FObjects%2Funicodeobject.c&p1=python%2Fbranches%2Frelease24-maint%2FObjects%2Funicodeobject.c&r1=51466&r2=51465&rev=51466&view=diff&makepatch=1&diff_format=u

I can confirm edgy is fixed.

From testing, it looks like python2.3 is vulnerable as well.
[Bug 56633] Re: buffer overrun in repr() for unicode strings
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4980
[Bug 56633] Re: buffer overrun in repr() for unicode strings
fixed in 2.4.3-8ubuntu2 (edgy)

** Changed in: python2.4 (Ubuntu)
       Status: Confirmed => Fix Released
[Bug 56633] Re: buffer overrun in repr() for unicode strings
I will backport the fix to stables once edgy is confirmed to be fixed.

Matthias, what's the status on this? Thank you

** Changed in: python2.4 (Ubuntu Dapper)
   Importance: Untriaged => High
     Assignee: (unassigned) => Martin Pitt
       Status: Unconfirmed => In Progress
[Bug 56633] Re: buffer overrun in repr() for unicode strings
Re-opening the bug.

** Changed in: python2.4 (Ubuntu)
       Status: Fix Released => Confirmed
[Bug 56633] Re: [Bug 56633] Re: buffer overrun in repr() for unicode strings
this bug does not appear to be actually fixed in version 2.4.3-8ubuntu1 (i.e. the patch has not been applied):

$ apt-cache show python2.4 | fgrep Version
Version: 2.4.3-8ubuntu1
 Version 2.4 of the high-level, interactive object oriented language,
Python-Version: 2.4
$ python2.4 -c 'assert(repr(u"\U0001" * 39 +u"\u" * 4096)) ==(repr(u"\U0001" * 39 + u"\u" * 4096))'
*** glibc detected *** python2.4: realloc(): invalid next size: 0x081a2628 ***
=== Backtrace: =
/lib/tls/i686/cmov/libc.so.6[0xb7e0d38a]
/lib/tls/i686/cmov/libc.so.6(__libc_realloc+0xff)[0xb7e0dcbf]
python2.4(_PyString_Resize+0x91)[0x8084bb1]
python2.4[0x809c0c8]
python2.4(PyObject_Repr+0x65)[0x807edc5]
python2.4(PyEval_EvalFrame+0x4801)[0x80b8941]
python2.4(PyEval_EvalCodeEx+0x839)[0x80b9fc9]
python2.4(PyEval_EvalCode+0x57)[0x80ba037]
python2.4(PyRun_SimpleStringFlags+0xa8)[0x80dd3d8]
python2.4(Py_Main+0x684)[0x8055884]
python2.4(main+0x22)[0x80550f2]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0xb7dba8cc]
python2.4[0x8055041]
Aborted
$

On 8/25/06, Matthias Klose <[EMAIL PROTECTED]> wrote:
> fixed in 2.4.3-8ubuntu1
>
> ** Changed in: python2.4 (Ubuntu)
>      Assignee: (unassigned) => Matthias Klose
>        Status: Confirmed => Fix Released
[Bug 56633] Re: buffer overrun in repr() for unicode strings
fixed in 2.4.3-8ubuntu1

** Changed in: python2.4 (Ubuntu)
     Assignee: (unassigned) => Matthias Klose
       Status: Confirmed => Fix Released
[Bug 56633] Re: [Bug 56633] Re: buffer overrun in repr() for unicode strings
Thanks! Perhaps this will inspire me to write a patch for the buggy UTF-7 codec...

On 8/22/06, Simon Law <[EMAIL PROTECTED]> wrote:
> It appears that Georg Brandl has applied this patch.
>
> It should show up in the next release of Python 2.4.
>
> ** Bug watch added: Python at Sourceforge #1541585
>    http://sourceforge.net/tracker/index.php?aid=1541585&group_id=5470&atid=305470&func=detail
>
> ** Also affects: python (upstream) via
>    http://sourceforge.net/tracker/index.php?aid=1541585&group_id=5470&atid=305470&func=detail
>    Importance: Unknown
>        Status: Unknown
[Bug 56633] Re: buffer overrun in repr() for unicode strings
It appears that Georg Brandl has applied this patch.

It should show up in the next release of Python 2.4.

** Bug watch added: Python at Sourceforge #1541585
   http://sourceforge.net/tracker/index.php?aid=1541585&group_id=5470&atid=305470&func=detail

** Also affects: python (upstream) via
   http://sourceforge.net/tracker/index.php?aid=1541585&group_id=5470&atid=305470&func=detail
   Importance: Unknown
       Status: Unknown
[Bug 56633] Re: buffer overrun in repr() for unicode strings
thanks! let me know if they need any more info from the systems i tested this on.
[Bug 56633] Re: buffer overrun in repr() for unicode strings
Sent upstream as
http://sourceforge.net/tracker/index.php?func=detail&aid=1541585&group_id=5470&atid=305470

** Changed in: python2.4 (Ubuntu)
       Status: Needs Info => Confirmed

** Changed in: python2.4 (Ubuntu)
   Importance: Untriaged => Medium
[Bug 56633] Re: buffer overrun in repr() for unicode strings
i don't care who gets credit and i'm really busy. can you send it upstream? btw, i've attached the patch.
[Bug 56633] Re: buffer overrun in repr() for unicode strings
Hi Benjamin,

Have you sent this upstream to the Python bug tracker on SourceForge? If not, I'd suggest doing this so that they can merge it in.

If you'd like I can also send this up as well, but it seems like you'd like to be the one to get credit for your patch.

Thanks.

** Changed in: python2.4 (Ubuntu)
       Status: Unconfirmed => Needs Info