Am 12.09.2012 18:14, schrieb Terry Reedy: > On 9/12/2012 10:22 AM, Stefan Krah wrote: >> christian.heimes <python-checkins at python.org> wrote: >>> Fix out of bounds read in long_new() for empty bytes with an explicit >>> base. >>> int(b'', somebase) calls PyLong_FromString() with char* of length 1 > > I don't know what happens internally, but such calls raise > ValueError: invalid literal for int() with base 16: '' > Of course, even if int() traps such calls before calling > PyLong_FromString, an extension writer could goof. > > Does the length 1 come from added \0? Coverity (a static code analyzing tool) claims that the some code paths may read beyond the end of data when an empty byte string and any base is given. Internally b'' is converted to a null terminated char array (PyBytes_AS_STRING() returns a null terminated char*). My change shortcuts the execution path and immediately raises an exception for the combination of b'' and some base. > By the way, excessively long lines in checkin messages are a nuisance > from reading and responding ;-). Sorry! In the future I'll add more line breaks. :)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4