On 22 May 2017 at 19:17, Steve Dower <steve.dower at python.org> wrote: > One of the main reasons we are stuck with an old libffi fork in CPython is > because the newer versions do not support protection from calling functions > with too few/many arguments: > > https://docs.python.org/3/library/ctypes.html?highlight=ctypes#calling-functions > > There are a number of caveats here, including "this only works on Windows", > but since it is documented we cannot just remove the behaviour without a > deprecation period. > > I'd like to propose a highly-accelerated deprecation period for this > specific feature, starting in CPython 3.6.2 and being "completed" in 3.7.0, > when we will hopefully move onto a newer libffi. > > In general, the "feature" is a misfeature anyway, since calling a native > function with incorrect arguments is unsupported and a very easy way to > cause information leakage or code execution vulnerabilities. There may be an > argument for removing the functionality immediately, but honestly I think > changing libffi in a point release is higher risk. > > Once the special protection is removed, most of these cases will become > OSError due to the general protection against segmentation faults. Some will > undoubtedly fall through the cracks and crash the entire interpreter, but > these are unavoidable (and really ought to crash to avoid potential > exploits). > > Does anyone have any reasons to oppose this? It already has votes from > another Windows expert and the 3.6/3.7 Release Manager, but we wanted to see > if anyone has a concern we haven't thought of. +1 from me. Paul
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4