On 2016-07-22 16:36, Guido van Rossum wrote: > Somebody did some research and found some bugs in CPython (IIUC). The > published some questionable fragments. If there's a volunteer we could > probably easily fix these. (I know we already have occasional Coverity > scans and there are other tools too (anybody try lgtm yet?) But this > seems honest research (also Python leaves Ruby in the dust :-): > > http://www.viva64.com/en/b/0414/ I had a closer look at the report. About half of the bugs, maybe more are not in the C code of CPython but in OpenSSL code. I really mean OpenSSL code, not _ssl.c and _hashopenssl.c. It's safe to assume that they forgot to exclude external dependencies. The issues in ASN1_PRINTABLE_type() [N2], BN_mask_bits() [N4 bn_lib.c, digest.c, evp_enc.c], dh_cms_set_peerkey() [N5, dh_ameth.c] and cms_env_set_version() [N6, cms_env.c] are all OpenSSL issues and should be reported to OpenSSL. Guido, did the company contact you or do you have Pavel Belikov's email address? Christian
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4