Alexander Belopolsky <belopol...@users.sourceforge.net> added the comment:
The patch as written causes buffer overflow for year >= 10,000: >>> len(time.asctime( (10000, 1, 1, 0, 0, 0, 0, 1, -1))) 26 >>> len(time.asctime( (100000, 1, 1, 0, 0, 0, 0, 1, -1))) 27 while the buffer is only 26 characters: + static char result[26]; + + sprintf(result, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n", This can be fixed in multiple ways: changing the year format to %.4d, using PyString_Format, or restricting the year to 4 decimal digits in check_bounds. A nit pick: you can save some static storage by making wday_name and mon_name and possibly increase performance of asctime 2d arrays instead of arrays of pointers to null-terminated strings. See http://www.opengroup.org/onlinepubs/009695399/functions/asctime.html . Just as Martin, I am split on whether the patch is correct. The fact that it is almost a copy of POSIX reference implementation gives some confidence, but that confidence is taken away by the reference implementation having a buffer overflow bug. I am also not sure that all systems produce the same end of line character. I would like to hear from Windows experts. ---------- components: +Extension Modules, Windows -Distutils stage: needs patch -> patch review _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue6608> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
