New submission from tehybel:
I would like to describe an issue in the _elementtree module, and then
propose a fix which would prevent this type of bug everywhere in the
codebase.
The issue exists in _elementtree_Element_get_impl in
/Modules/_elementtree.c. Here is the code:
static PyObject
Changes by tehybel <tehy...@gmail.com>:
--
versions: +Python 3.5, Python 3.6
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python
New submission from tehybel:
Here I'll describe five distinct issues I found. Common to them all is that they
reside in the built-in dictionary object.
Four of them are use-after-frees and one is an array-out-of-bounds indexing bug.
All of the described functions reside in /Objects
New submission from tehybel:
Here I'll describe two issues in the "hotshot" module which can be found in
/Modules/_hotshot.c. Note that this module is for Python 2.7 only.
The issues are (1) an uninitialized variable use and (2) a double free.
Issue 1: uninitialized vari
New submission from tehybel:
Here I will describe 6 issues with various core objects (bytearray, list) and
the array module.
Common to them all is that they arise due to a misuse of the function
PySlice_GetIndicesEx.
This type of issue results in out-of-bounds array indexing which leads
New submission from tehybel:
I'll describe 7 issues in the /Modules/_elementtree.c module here. They
include multiple use-after-frees, type confusions and instances of
out-of-bounds array indexing.
Issue 1: use-after-free in element_get_text
The problematic code looks like
New submission from tehybel:
The first issue is a type confusion which resides in the sqlite3 module, in the
file connection.c. The function pysqlite_connection_cursor takes an optional
argument, a factory callable:
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O&quo
tehybel added the comment:
The patch seems correct to me.
--
nosy: +tehybel
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27760>
___
__
tehybel added the comment:
Thanks for fixing this. I looked at the patch and it seems correct.
--
nosy: +tehybel
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i