I noticed this in PyErr_Format(exception, format, va_alist):
char buffer[500]; /* Caller is responsible for limiting the format */
...
vsprintf(buffer, format, vargs);
Making the caller responsible for this is error-prone. The danger, of
course, is a buffer overflow caused by generating an error string
that's larger than the buffer, possibly letting people execute
arbitrary code. We could add a test to the configure script for
vsnprintf() and use it when possible, but that only fixes the problem
on platforms which have it. Can we find an implementation of
vsnprintf() someplace?
--
A.M. Kuchling http://starship.python.net/crew/amk/
One form to rule them all, one form to find them, one form to bring them all
and in the darkness rewrite the hell out of them.
-- Digital Equipment Corporation, in a comment from SENDMAIL Ruleset 3
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4