[issue24467] bytearray pop and remove Buffer Over-read

DmitryJ added the comment: If this is the case, then issue24462 should be fixed by this patch as well. I'm sorry about missing the root cause here. -- ___ Python tracker <http://bugs.python.org/is

[issue24467] bytearray pop and remove Buffer Over-read

Changes by DmitryJ : Added file: http://bugs.python.org/file39784/issue24467-3.5.patch ___ Python tracker <http://bugs.python.org/issue24467> ___ ___ Python-bugs-list m

[issue24467] bytearray pop and remove Buffer Over-read

Changes by DmitryJ : Added file: http://bugs.python.org/file39783/issue24467-3.4.patch ___ Python tracker <http://bugs.python.org/issue24467> ___ ___ Python-bugs-list m

[issue24467] bytearray pop and remove Buffer Over-read

Changes by DmitryJ : Added file: http://bugs.python.org/file39781/issue24467-3.2.patch ___ Python tracker <http://bugs.python.org/issue24467> ___ ___ Python-bugs-list m

[issue24467] bytearray pop and remove Buffer Over-read

DmitryJ added the comment: Attached is a patch that fixes the reported issue. Since there are no visible side effects in Python, I could not write a test for this. -- keywords: +patch Added file: http://bugs.python.org/file39780/issue24467-2.7.patch

[issue24467] bytearray pop and remove Buffer Over-read

Changes by DmitryJ : Added file: http://bugs.python.org/file39782/issue24467-3.3.patch ___ Python tracker <http://bugs.python.org/issue24467> ___ ___ Python-bugs-list m

[issue24467] bytearray pop and remove Buffer Over-read

DmitryJ added the comment: Offending code in 2.7: https://hg.python.org/cpython/file/20c9290a5de4/Objects/bytearrayobject.c#l2381 https://hg.python.org/cpython/file/20c9290a5de4/Objects/bytearrayobject.c#l2412 Let n = 16, where = 0; memmove() then attempts to copy (n - where) = 16 bytes where

[issue24462] bytearray.find Buffer Over-read

DmitryJ added the comment: Attached please find a patch against the 2.7 branch. CPython built with the patch passes the tests from the test suite. Unfortunately, as there is not much control over memory allocation, there is no 100% reliable test case that would allow for reproducing the

[issue24481] hotshot pack_string Heap Buffer Overflow

Changes by DmitryJ : -- nosy: +dev_zzo ___ Python tracker <http://bugs.python.org/issue24481> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyth

[issue24462] bytearray.find Buffer Over-read

DmitryJ added the comment: I am preparing a patch for this issue, then. -- ___ Python tracker <http://bugs.python.org/issue24462> ___ ___ Python-bugs-list mailin

[issue24462] bytearray.find Buffer Over-read

DmitryJ added the comment: >From the author's page at http://effbot.org/zone/stringlib.htm "Note that the above Python code may access s[n], which would result in an IndexError exception. For the CPython implementation, this is not really a problem, since CPython adds trailing NU

[issue24462] bytearray.find Buffer Over-read

DmitryJ added the comment: Quick analysis tells this can be attributed to the following code (in 2.7): https://hg.python.org/cpython/file/a8e24d776e99/Objects/stringlib/fastsearch.h#l110 https://hg.python.org/cpython/file/a8e24d776e99/Objects/stringlib/fastsearch.h#l116 Suppose i = 0, then s[i