Bugs item #1501223, was opened at 2006-06-05 16:45 Message generated for change (Comment added) made by tim_one You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1501223&group_id=5470
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Windows Group: Python 2.5 Status: Open Resolution: None Priority: 5 Submitted By: Brett Cannon (bcannon) Assigned to: Nobody/Anonymous (nobody) Summary: Possible buffer overflow in Python/sysmodule.c Initial Comment: Line 1070 (along with lines 1075 and 1080) have sprintf() calls that store "cp%d" into a buffer that is 10 characters long. But an unsigned int could be 32 bits, which means 10 digits on its own. Add in the need for a null byte and the "cp" part and it would seem the buffer is 3 characters short. ---------------------------------------------------------------------- >Comment By: Tim Peters (tim_one) Date: 2006-06-05 17:02 Message: Logged In: YES user_id=31435 So make it bigger ;-) In reality, I don't believe any Windows "code page" needs more than 5 digits, so there are actually a couple bytes to spare, but boosting the buffer size wouldn't hurt. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1501223&group_id=5470 _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
