David Remahl [EMAIL PROTECTED] added the comment:
I submit that a check for negative values (non-assert-based) should be
added to PyString_FromStringAndSize(). This API is called from many, many
places, and in several cases the operand could probably be negative. It
should raise an overflow
Alexander Belopolsky [EMAIL PROTECTED] added the comment:
On Thu, Apr 10, 2008 at 1:17 PM, David Remahl [EMAIL PROTECTED] wrote:
> I submit that a check for negative values (non-assert-based) should be
> added to PyString_FromStringAndSize().
See issue2587 and r62262.
New submission from Justin Ferguson [EMAIL PROTECTED]:
The zlib module in multiple places fails to adequately check the sanity
of its arguments resulting in memory corruption, please see two attached
PoCs.
--
components: Extension Modules
files:
Changes by Justin Ferguson [EMAIL PROTECTED]:
Added file:
http://bugs.python.org/file9984/python-2.5.2-zlib-unflush-signedness.py
__
Tracker [EMAIL PROTECTED]
http://bugs.python.org/issue2586
__
Justin Ferguson [EMAIL PROTECTED] added the comment:
Just so you know, the scripts actually do two different things-- the
bugs are both related to negative values though. One causes
PyString_FromStringAndSize() to try and allocate zero bytes (the -24
one), the other causes like 22 bytes to get
Alexander Belopolsky [EMAIL PROTECTED] added the comment:
This has just been fixed in the trunk: r62235.
--
nosy: +belopolsky
Raymond Hettinger [EMAIL PROTECTED] added the comment:
Thx
--
resolution:  -> fixed
status: open -> closed
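
The runtime (non-assert) negative-size check proposed in this thread, as an added example that is not code from the tracker or from CPython. `blob_new`, `alloc_bytes_unchecked` and the 24-byte `HDR_SIZE` are hypothetical, chosen only to mirror the "-24" case mentioned above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed header size, chosen only to mirror the "-24" case in the thread. */
#define HDR_SIZE ((size_t)24)

enum blob_status { BLOB_OK, BLOB_NEGATIVE, BLOB_TOO_BIG, BLOB_NOMEM };

/* Byte count an unchecked constructor would hand to malloc(). This is what
 * runs in a release build when the only guard was an assert(size >= 0). */
static size_t alloc_bytes_unchecked(ptrdiff_t size)
{
    return HDR_SIZE + (size_t)size;       /* wraps for negative size */
}

/* Hypothetical constructor with a runtime check that survives NDEBUG. */
static enum blob_status blob_new(const char *src, ptrdiff_t size,
                                 unsigned char **out)
{
    *out = NULL;
    if (size < 0)
        return BLOB_NEGATIVE;             /* reject before any arithmetic */
    if ((size_t)size > SIZE_MAX - HDR_SIZE)
        return BLOB_TOO_BIG;              /* header + payload would wrap */
    unsigned char *p = calloc(1, HDR_SIZE + (size_t)size);
    if (p == NULL)
        return BLOB_NOMEM;
    memcpy(p, &size, sizeof size);        /* record payload length in header */
    if (src != NULL && size > 0)
        memcpy(p + HDR_SIZE, src, (size_t)size);
    *out = p;
    return BLOB_OK;
}

int main(void)
{
    unsigned char *p;
    printf("unchecked bytes for -24: %zu\n", alloc_bytes_unchecked(-24));
    printf("unchecked bytes for -1:  %zu\n", alloc_bytes_unchecked(-1));
    printf("checked status for -24:  %d\n", blob_new("abc", -24, &p));
    printf("checked status for 3:    %d\n", blob_new("abc", 3, &p));
    free(p);
    return 0;
}
```

With the assumed header, a size of -24 yields a zero-byte request and -1 yields a request smaller than the header itself, which is why the check has to run before the size is used in any arithmetic.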