[issue25021] product_setstate() Out-of-bounds Read

2015-09-07 Thread John Leitch
New submission from John Leitch: Python 3.3, 3.4, and 3.5 suffer from a vulnerability caused by the behavior of the product_setstate() function. When called, the function loops over the state tuple provided and clamps each given index to a value within a range from 0 up to the max number of po

[issue25021] product_setstate() Out-of-bounds Read

2015-09-07 Thread John Leitch
Changes by John Leitch: Added file: http://bugs.python.org/file40401/product_setstate_Type_Confusion.py

[issue25021] product_setstate() Out-of-bounds Read

2015-09-07 Thread Raymond Hettinger
Changes by Raymond Hettinger: assignee: -> rhettinger

[issue25021] product_setstate() Out-of-bounds Read

2015-09-07 Thread Raymond Hettinger
Changes by Raymond Hettinger: nosy: +kristjan.jonsson

[issue25021] product_setstate() Out-of-bounds Read

2015-09-08 Thread Kristján Valur Jónsson
Kristján Valur Jónsson added the comment: Interesting. Let me have a look.

[issue25021] product_setstate() Out-of-bounds Read

2015-09-08 Thread Kristján Valur Jónsson
Kristján Valur Jónsson added the comment: An alternative patch. Please test this since I don't have a development system. -- keywords: +needs review; Added file: http://bugs.python.org/file40404/itertoolsmodule.c.patch

[issue25021] product_setstate() Out-of-bounds Read

2015-09-08 Thread Kristján Valur Jónsson
Kristján Valur Jónsson added the comment: There are two problems with the previous patch: 1) it can put out of bounds values into lz->indices. This can cause problems the next time product_next() is called. 2) the case of a pool having zero size is not dealt with (it wasn't before either). My

[issue25021] product_setstate() Out-of-bounds Read

2015-09-08 Thread John Leitch
John Leitch added the comment: Glancing over the code, I see the issues you describe. Tonight I will verify your revised patch and report back.

[issue25021] product_setstate() Out-of-bounds Read

2015-09-08 Thread John Leitch
John Leitch added the comment: All appears well.

[issue25021] product_setstate() Out-of-bounds Read

2015-09-10 Thread Raymond Hettinger
Changes by Raymond Hettinger: assignee: rhettinger -> kristjan.jonsson

[issue25021] product_setstate() Out-of-bounds Read

2015-09-10 Thread Kristján Valur Jónsson
Kristján Valur Jónsson added the comment: Thanks, I'll get this committed and merged asap.

[issue25021] product_setstate() Out-of-bounds Read

2015-09-12 Thread Roundup Robot
Roundup Robot added the comment: New changeset 8cc052c28910 by Kristján Valur Jónsson in branch '3.3': Issue #25021: Correctly make sure that product.__setstate__ does not access https://hg.python.org/cpython/rev/8cc052c28910 New changeset 4f85b6228697 by Kristján Valur Jónsson in branch '3.4':

[issue25021] product_setstate() Out-of-bounds Read

2015-09-12 Thread Kristján Valur Jónsson
Changes by Kristján Valur Jónsson: stage: -> resolved

[issue25021] product_setstate() Out-of-bounds Read

2015-09-12 Thread Raymond Hettinger
Changes by Raymond Hettinger: resolution: -> fixed; status: open -> closed

[issue25021] product_setstate() Out-of-bounds Read

2015-09-18 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis: nosy: +Arfrever