Changes by STINNER Victor victor.stin...@gmail.com:
--
nosy: +haypo
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17016
___
Roundup Robot added the comment:
New changeset 27162465316f by Serhiy Storchaka in branch '2.7':
Issue #17016: Get rid of possible pointer wraparounds and integer overflows
http://hg.python.org/cpython/rev/27162465316f
New changeset 2673d207c524 by Serhiy Storchaka in branch '3.3':
Issue
Changes by Serhiy Storchaka storch...@gmail.com:
--
components: +Extension Modules
resolution: -> fixed
stage: patch review -> committed/rejected
status: open -> closed
versions: -Python 3.2
Serhiy Storchaka added the comment:
Thank you, Nickolai, for the patch.
Serhiy Storchaka added the comment:
Of course it would be nice to have tests for as many cases as possible, but
I am afraid that it will not be easy. The patch LGTM.
Serhiy Storchaka added the comment:
Nickolai, can you please submit a contributor form?
http://python.org/psf/contrib/contrib-form/
http://python.org/psf/contrib/
Nickolai Zeldovich added the comment:
I just submitted the contributor form -- thanks for the reminder.
Nickolai Zeldovich added the comment:
I get an HTTP error when trying to upload another patch through Rietveld, so
here's a revised patch that avoids the need for Py_uintptr_t (thanks Serhiy).
--
Added file: http://bugs.python.org/file29379/pp-3.patch
Nickolai Zeldovich added the comment:
Sorry for the delay. Attached is an updated patch that should fix all of the
issues mentioned in this bug report.
--
Added file: http://bugs.python.org/file29368/pp-2.patch
Serhiy Storchaka added the comment:
Nickolai, do you want to update your patch with fixes for other possible
pointer overflows? Note that the maximal repetition number has been increased
now.
--
assignee: -> serhiy.storchaka
Nickolai Zeldovich added the comment:
Lines 2777 and 3111 do indeed look suspect, because gcc can compile (ptr +
offset < ptr) into (offset < 0):
nickolai@sahara:/tmp$ cat x.c
void bar();
void
foo(char* ptr, int offset)
{
  if (ptr + offset < ptr)
    bar();
}
nickolai@sahara:/tmp$ gcc x.c -S
Matthew Barnett added the comment:
You're checking int offset, but what happens with unsigned int offset?
Nickolai Zeldovich added the comment:
For an unsigned int offset, see my original bug report: gcc eliminates the
check altogether, since offset >= 0 by definition.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17016
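As an added illustration (not code from this thread or from the CPython patch), the C sketch below contrasts the wraparound-style check discussed in this issue with a comparison against the remaining length. The names code_t, fits_by_wraparound, fits_by_length and count_records, the record layout and the sample buffers are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint32_t code_t;   /* stand-in for SRE_CODE; assumed 32-bit here */

/* Fragile form discussed in the thread. Forming ptr + offset outside the
 * buffer is undefined behaviour, so the compiler may assume it never wraps:
 * the first test folds to (offset < 0), which is always false for an
 * unsigned offset, and the check disappears. Shown for contrast only;
 * call it only with in-range offsets. */
int fits_by_wraparound(const code_t *ptr, const code_t *end, size_t offset)
{
    return !(ptr + offset < ptr || ptr + offset > end);
}

/* Robust form: compare the offset with the number of elements left.
 * end - ptr is well defined while ptr <= end, and no out-of-range
 * pointer is ever formed. */
int fits_by_length(const code_t *ptr, const code_t *end, size_t offset)
{
    return ptr <= end && offset <= (size_t)(end - ptr);
}

/* Walk constructed records of the form [skip, payload...], where skip counts
 * the payload words that follow. Returns the number of records, or -1 as
 * soon as a skip would step past the end of the buffer. */
int count_records(const code_t *code, size_t len)
{
    const code_t *end = code + len;
    int n = 0;
    while (code < end) {
        size_t skip = *code++;
        if (!fits_by_length(code, end, skip))
            return -1;
        code += skip;
        n++;
    }
    return n;
}

/* Constructed sample inputs (not taken from _sre.c). */
static const code_t good_prog[] = { 2, 10, 11, 0, 1, 12 };
static const code_t bad_prog[]  = { 1, 10, 0xFFFFFFFFu, 13 };

int main(void)
{
    /* Exit status 0 when the good buffer validates and the bad one is rejected. */
    return !(count_records(good_prog, 6) == 3 && count_records(bad_prog, 4) == -1);
}
```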
New submission from Nickolai Zeldovich:
Modules/_sre.c relies on pointer overflow in 5 places to check that the
supplied offset does not cause wraparound when added to a base pointer; e.g.:
SRE_CODE prefix_len;
GET_ARG; prefix_len = arg;
Changes by Ezio Melotti ezio.melo...@gmail.com:
--
components: +Regular Expressions -None
nosy: +ezio.melotti, mark.dickinson, mrabarnett, serhiy.storchaka
stage: -> patch review
versions: +Python 2.7, Python 3.2, Python 3.3, Python 3.4 -Python 3.5
Serhiy Storchaka added the comment:
LGTM.
There are other doubtful places, at lines: 658, 678, 1000, 1084, 2777, 3111.
Matthew Barnett added the comment:
Lines 1000 and 1084 will be a problem only if you're near the top of the
address space. This is because:
1. ctx->pattern[1] will always be <= ctx->pattern[2].
2. A value of 65535 in ctx->pattern[2] means unlimited, even though SRE_CODE is
now UCS4.
See also