pkgsrc-Users archive
Re: Python 2.4 & 2.5 vulnerable, Patches inside
Jonathan Schleifer wrote:
> Christian Biere <christianbiere%gmx.de@localhost> wrote:
>
> > As expected from Apple, this is junk. People who don't understand
> > the meaning of undefined behavior and integer overflow shouldn't be
> > let anywhere near a C compiler.
>
> To which patch exactly are you referring, as the other patches I
> included were taken from Gentoo. I only had a quick look at them, I
> must admit, though, and did not check if they really fix the issue.
I'm talking about nonsense such as this:
+ int bytesize, nsize
[...]
+ bytesize = nsize * 2;
+ if (bytesize / 2 != nsize)
+ return PyErr_NoMemory();
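Review bot: the overflow test "if (bytesize / 2 != nsize)" runs only after "bytesize = nsize * 2" has already been evaluated on signed int operands, and signed overflow is undefined behaviour in C, so the compiler may assume it never happens and drop the check. Validate the operand before multiplying instead, e.g. reject nsize < 0 || nsize > INT_MAX / 2 and only then compute nsize * 2, or carry the size in an unsigned type such as size_t and compare against its limit before the multiplication.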
The use of INT_MAX is rather funny. I guess Python is called "high-level"
because it was developed at the top of an ivory tower.
--
Christian