Ned Williamson <nedwilliam...@gmail.com> added the comment:
Thank you for the quick PR! I will report as behavior next time. I'm also
following the library reference and reporting only unexpected exceptions.
I trust you to reject any bugs that are expected functionality.
I may fol
Ned Williamson <nedwilliam...@gmail.com> added the comment:
```
import plistlib
dat =
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00AAAnAAA'
plistlib.loads(dat, fmt=plistlib.FMT_BINARY)
```
raises
```
Traceback (most recent cal
Ned Williamson <nedwilliam...@gmail.com> added the comment:
```
import plistlib
dat =
b'AAAwAAA\xc9A\x9cAA\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00A\x04\xb2\xaaAA'
plistlib.loads(dat, fmt=plistlib.FMT_BINARY)
```
raises
```
Traceback (most recen
Ned Williamson <nedwilliam...@gmail.com> added the comment:
I'm filing related bugs under this same issue.
```
import plistlib
dat =
b'Q\xe4\xfeAIwAAA\xc9A\xc1AAA\xc1AAA\x9cAAnAAA\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
Ned Williamson <nedwilliam...@gmail.com> added the comment:
The crashing version numbers are from testing on the release Python 3.5, but I
think we can just fix this in 3.7+.
--
___
Python tracker <rep...@bugs.python.org>
<https://
New submission from Ned Williamson <nedwilliam...@gmail.com>:
Hi,
The following program crashes for me using the current Python3.7 master:
```
import plistlib
plistlib.loads(b'\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
b'\xda\x0cw\xb7\x00\x00\x00\x00\x00\x00\x00\x
New submission from Ned Williamson:
This is very similar to the issue reported in
https://bugs.python.org/issue28963 - this function is still buggy when items
are pushed onto the done callbacks, as the new list is assumed to be large
enough.
The issue was pointed out on the code review page
Ned Williamson added the comment:
yselivanov, ah I think you're right. I misread that function after I noticed
the issue in the first one.
--
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
New submission from Ned Williamson:
There are two cases of use-after-free in the new Modules/_asynciomodule.c in
the release candidate for Python 3.6, but I'm filing these together because
it's the same underlying issue.
In both cases in this file where the unsafe `PyList_GET_ITEM` is called
New submission from Ned Williamson:
In function `_db_associateCallback` of the `_bsddb` module, associating two
databases with a callback that returns a sufficiently large list will lead to
heap corruption due an integer overflow on 32-bit Python.
>From `_bsddb.c`:
```
e
New submission from Ned Williamson:
static PyObject *
partial_setstate(partialobject *pto, PyObject *state)
{
PyObject *fn, *fnargs, *kw, *dict;
if (!PyArg_ParseTuple(state, "",
, , , ))
return NULL;
Py_XDECREF(pto->fn);
Py_XDEC
Changes by Ned Williamson <nedwilliam...@gmail.com>:
--
components: +Library (Lib)
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python
New submission from Ned Williamson:
static PyObject *
partial_setstate(partialobject *pto, PyObject *state)
{
PyObject *fn, *fnargs, *kw, *dict;
if (!PyArg_ParseTuple(state, "",
, , , ))
return NULL;
Py_XDECREF(pto->fn);
Py_XDEC
13 matches
Mail list logo