[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Petr Splichal added the comment: Justin, is there any reproducer available for this issue? Thanks! -- nosy: +psss ___ Python tracker ___ _

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Gregory P. Smith <[EMAIL PROTECTED]> added the comment: Fixed in release25-maint r63883. -- resolution: -> fixed status: open -> closed ___ Python tracker <[EMAIL PROTECTED]> ___

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Changes by Gregory P. Smith <[EMAIL PROTECTED]>: -- assignee: -> gregory.p.smith keywords: +patch nosy: +gregory.p.smith priority: -> normal __ Tracker <[EMAIL PROTECTED]> __ ___

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Justin Ferguson <[EMAIL PROTECTED]> added the comment: Yep, that works for me. __ Tracker <[EMAIL PROTECTED]> __ ___ Python-bugs-list mailing list Unsub

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Alexander Belopolsky <[EMAIL PROTECTED]> added the comment: On Wed, Apr 9, 2008 at 1:16 PM, Justin Ferguson <[EMAIL PROTECTED]> wrote: .. > That said, theres plenty of other implementations that manage this > without the potential of underflowing a buffer > Do you have in mind something like t

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Justin Ferguson <[EMAIL PROTECTED]> added the comment: Actually, I'm not sure things are any better today- even the same operating system but different versions have inconsistencies, for instance on some versions of RHEL the vsnprintf() can fail during unicode conversion. MSVCRT still returns -1

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Alexander Belopolsky <[EMAIL PROTECTED]> added the comment: On Tue, Apr 8, 2008 at 9:21 PM, Justin Ferguson <[EMAIL PROTECTED]> wrote: > .. > While no one seems to ever use it this way, don't forget that a good > alternative to asprintf() is calling sprintf() with a length of zero to > get th

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Justin Ferguson <[EMAIL PROTECTED]> added the comment: I do agree with your point about snprintf(..., sizeof(x), ...)-- my single biggest point (and maybe i'm just not seeing it), is that there appears to be no good reason for having this caveat and in turn its essentially just code waiting to br

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Alexander Belopolsky <[EMAIL PROTECTED]> added the comment: As long as snprintf is used with a fixed size buffer using an idiom snprintf(buffer, sizeof(buffer), ..) there is no issue because sizeof(buffer) cannot be zero. AFAICT, this is how python uses PyOS_vsnprintf wrapper. On the other

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Justin Ferguson <[EMAIL PROTECTED]> added the comment: I can generally agree with that, and I admit I haven't verified all of the code paths here- theres several hundred of them leading into this function, are you positive all of them are safe? (seems like it would be easier to just move the chec

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Amaury Forgeot d'Arc <[EMAIL PROTECTED]> added the comment: I think that programming errors against the python API are best checked with asserts: I develop in development mode (with asserts enabled), then I want my released program to run at full speed. Other thoughts? -- nosy: +amaury.

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

Changes by Justin Ferguson <[EMAIL PROTECTED]>: -- components: +Interpreter Core -Distutils __ Tracker <[EMAIL PROTECTED]> __ ___ Python-bugs-li

[issue2588] PyOS_vsnprintf() underflow leads to memory corruption

New submission from Justin Ferguson <[EMAIL PROTECTED]>: The PyOS_vsnprintf() contains the caveat that the length parameter cannot be zero, however this is only enforced via assert() which is compiled out. As a result if the length parameter is zero then the function will underflow and write a nu