New submission from Christian Heimes:

varname_converter() doesn't check the return value of PyUnicode_AsUTF8AndSize() 
for NULL. The bug was introduced by 
http://hg.python.org/cpython/rev/321b714653e3 / issue #20368

3. returned_null: Function "PyUnicode_AsUTF8AndSize(PyObject *, Py_ssize_t *)" 
returns null (checked 28 out of 30 times).
4. var_assigned: Assigning: "s" = null return value from 
"PyUnicode_AsUTF8AndSize(PyObject *, Py_ssize_t *)".
1399        s = PyUnicode_AsUTF8AndSize(in, &size);
5. Condition "size > 2147483647", taking false branch
1400        if (size > INT_MAX) {
1401            PyErr_SetString(PyExc_OverflowError, "string is too long");
1402            return 0;
1403        }
CID 1167595 (#1 of 1): Dereference null return value (NULL_RETURNS)
6. dereference: Dereferencing a pointer that might be null "s" when calling 
"strlen(char const *)"
1404        if (strlen(s) != size) {

----------
components: Tkinter
files: cid1167595.patch
keywords: patch
messages: 210276
nosy: christian.heimes, larry, serhiy.storchaka
priority: release blocker
severity: normal
stage: patch review
status: open
title: Null pointer dereference in tkinter module
type: crash
versions: Python 3.4
Added file: http://bugs.python.org/file33918/cid1167595.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue20515>
_______________________________________
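
The check order the report calls for, as an added example that is not the attached patch or CPython code. fake_str, fake_as_utf8_and_size(), varname_converter_checked() and the CONV_* codes are hypothetical stand-ins so the block builds without Python headers; the real converter returns 0 with an exception set.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a Python str object (not a CPython type). */
typedef struct { const char *data; long long len; int encodable; } fake_str;

/* Hypothetical stand-in for PyUnicode_AsUTF8AndSize(): returns NULL on
   failure and leaves *size untouched, which is the case the report flags. */
static const char *fake_as_utf8_and_size(const fake_str *in, long long *size)
{
    if (!in->encodable)
        return NULL;
    *size = in->len;
    return in->data;
}

enum conv_status { CONV_OK = 1, CONV_ERR_NULL = -1,
                   CONV_ERR_TOO_LONG = -2, CONV_ERR_EMBEDDED_NUL = -3 };

static int varname_converter_checked(const fake_str *in, const char **out)
{
    long long size = 0;
    const char *s = fake_as_utf8_and_size(in, &size);

    if (s == NULL)                  /* missing check: must precede any use of s */
        return CONV_ERR_NULL;
    if (size > INT_MAX)             /* same bound as the code in the report */
        return CONV_ERR_TOO_LONG;
    if (strlen(s) != (size_t)size)  /* safe now: s is known to be non-NULL */
        return CONV_ERR_EMBEDDED_NUL;
    *out = s;
    return CONV_OK;
}

int main(void)
{
    /* Constructed inputs: valid name, failed conversion, embedded NUL. */
    fake_str cases[] = { {"varname", 7, 1}, {"varname", 7, 0}, {"ab\0cd", 5, 1} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const char *out = NULL;
        printf("case %zu -> %d\n", i, varname_converter_checked(&cases[i], &out));
    }
    return 0;
}
```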