[issue13885] CVE-2011-3389: _ssl module always disables the CBC IV attack countermeasure

2012-03-13 Thread Tomas Hoger
Tomas Hoger added the comment: Is the final patch going to enable empty fragments unconditionally and will offer no way to disable them? curl did that recently and ended up adding an option to allow users to disable empty fragments when they break compatibility: http://curl.haxx.se/docs

[issue8678] crashers in rgbimg

2010-10-29 Thread Tomas Hoger
Tomas Hoger added the comment: You seem to be right that r65878 should block the "xsize = ysize = 0x8000" integer overflow. I was testing on the python version with r60793, but not with r65878. Note that the check added in r65878 should still cause a crash on divide-by-zero for

[issue5753] CVE-2008-5983 python: untrusted python modules search path

2010-05-21 Thread Tomas Hoger
Tomas Hoger added the comment: + - If the name of an existing script is passed in ``argv[0]``, its absolute + path is prepended to :data:`sys.path` Absolute path to the directory where the script is located. And I believe there's no absolute path guarantee for platforms without rea

[issue5753] CVE-2008-5983 python: untrusted python modules search path

2010-05-18 Thread Tomas Hoger
Tomas Hoger added the comment: > My reading of PySys_SetArgv is that if argv is NULL, then > "char *argv0 = argv[0];" will read through NULL and thus will > segfault on a typical platform. Right. > I favor Antoine's approach in > http://bugs.python.org/file138

[issue8678] crashers in rgbimg

2010-05-11 Thread Tomas Hoger
Tomas Hoger added the comment: According to PEP-0004, the affected module was deprecated in 2.5 and is no longer part of 2.6 and later. Hence 2.5 only; not sure if that version is still actively supported upstream. -- nosy: +thoger versions: -Python 2.6, Python 2.7

[issue8674] audioop: incorrect integer overflow checks

2010-05-10 Thread Tomas Hoger
Tomas Hoger added the comment: > Do you have any Python examples that failed to trigger the overflow > on your platform? No, I've not really tried to create some, as I found it while looking into similar checks added to rgbimg module (which is dead and removed upstream now)

[issue8674] audioop: incorrect integer overflow checks

2010-05-10 Thread Tomas Hoger
New submission from Tomas Hoger: SVN commit r64114 added integer overflow checks to multiple modules. The checks added to the audioop module are incorrect and can still be bypassed: http://svn.python.org/view/python/trunk/Modules/audioop.c?r1=64114&r2=64113 - audioop_tostereo - should be fine,

[issue5753] CVE-2008-5983 python: untrusted python modules search path

2010-05-04 Thread Tomas Hoger
Tomas Hoger added the comment: Can anyone move this to Stage: patch review (for the fix approach proposed in msg90336)? Or does anyone have a better idea on how to move this closer to a final fix or wontfix / reject? Thank you! -- ___ Python tracker

[issue5753] CVE-2008-5983 python: untrusted python modules search path

2010-01-18 Thread Tomas Hoger
Tomas Hoger added the comment: Has anyone else had an opportunity to have a look at the change proposed in #msg90336?

[issue5753] CVE-2008-5983 python: untrusted python modules search path

2009-07-16 Thread Tomas Hoger
Tomas Hoger added the comment: This is not really the same thing as issue 946373. That one seems to be about adding the script's directory as the first thing in sys.path. Comments there seem to mix both interactive ('' in sys.path) and non-interactive (os.path.dirname(os.path.abs

[issue5753] CVE-2008-5983 python: untrusted python modules search path

2009-07-13 Thread Tomas Hoger
Tomas Hoger added the comment: An additional API has one disadvantage: it requires a modification of all affected applications embedding python, which is not likely to happen soon after the API is introduced. Therefore, it may still be worth reviewing the current behaviour (that seemed to have had

[issue5753] CVE-2008-5983 python: untrusted python modules search path

2009-07-09 Thread Tomas Hoger
Tomas Hoger added the comment: Have you considered something like this? (patch against 3.1) --- Python/sysmodule.c.orig +++ Python/sysmodule.c @@ -1643,6 +1643,7 @@ PySys_SetArgv(int argc, wchar_t **argv) #endif /* Unix */ } #endif /* All others */ + if (n >