pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Python 2.4 & 2.5 vulnerable, Patches inside

Jonathan Schleifer wrote:
> Christian Biere <> wrote:
> > As expected from Apple, this is junk. People who don't understand 
> > the meaning of undefined behavior and integer overflow shouldn't be
> > let anywhere near a C compiler.
> To which patch exactly are you reffering, as the other patches I
> included were taken from Gentoo. I only had a quick look at them, I
> must admit, though, and did not check if they really fix the issue.

I'm talking about nonsense such as this:

 + int bytesize, nsize
 +    bytesize = nsize * 2;
 +    if (bytesize / 2 != nsize)
 +      return PyErr_NoMemory();

The use of INT_MAX is rather funny. I guess Python is called "high-level"
because it was developed at the top of an ivory tower.


Home | Main Index | Thread Index | Old Index