Ned Williamson added the comment:
Thank you for the quick PR! I will report as behavior next time. I'm also
following the library reference and reporting only unexpected exceptions.
I trust you to reject any bugs that are expected functionality.
I may follow up with additional testcases
Ned Williamson added the comment:
```
import plistlib
dat =
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00AAAnAAA'
plistlib.loads(dat, fmt=plistlib.FMT_BINARY)
```
raises
```
Traceback (most recent call last):
File "re
Ned Williamson added the comment:
```
import plistlib
dat =
b'AAAwAAA\xc9A\x9cAA\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00A\x04\xb2\xaaAA'
plistlib.loads(dat, fmt=plistlib.FMT_BINARY)
```
raises
```
Traceback (most recent call last):
File
Ned Williamson added the comment:
I'm filing related bugs under this same issue.
```
import plistlib
dat =
b'Q\xe4\xfeAIwAAA\xc9A\xc1AAA\xc1AAA\x9cAAnAAA\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00AA'
plistlib
Ned Williamson added the comment:
The crashing version numbers are from testing on the release Python 3.5, but I
think we can just fix this in 3.7+.
--
___
Python tracker
<https://bugs.python.org/issue31
New submission from Ned Williamson :
Hi,
The following program crashes for me using the current Python3.7 master:
```
import plistlib
plistlib.loads(b'\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
b'\xda\x0cw\xb7\x00\x00\x00\x00\x00\x00\x00\xc7\x00'
New submission from Ned Williamson:
This is very similar to the issue reported in
https://bugs.python.org/issue28963 - this function is still buggy when items
are pushed onto the done callbacks, as the new list is assumed to be large
enough.
The issue was pointed out on the code review page
Ned Williamson added the comment:
yselivanov, ah I think you're right. I misread that function after I noticed
the issue in the first one.
--
___
Python tracker
<http://bugs.python.org/is
New submission from Ned Williamson:
There are two cases of use-after-free in the new Modules/_asynciomodule.c in
the release candidate for Python 3.6, but I'm filing these together because
it's the same underlying issue.
In both cases in this file where the unsafe `PyList_GET_ITEM`
New submission from Ned Williamson:
static PyObject *
partial_setstate(partialobject *pto, PyObject *state)
{
PyObject *fn, *fnargs, *kw, *dict;
if (!PyArg_ParseTuple(state, "",
&fn, &fnargs, &kw, &dict))
return NU
Changes by Ned Williamson :
--
components: +Library (Lib)
___
Python tracker
<http://bugs.python.org/issue25945>
___
___
Python-bugs-list mailing list
Unsub
New submission from Ned Williamson:
static PyObject *
partial_setstate(partialobject *pto, PyObject *state)
{
PyObject *fn, *fnargs, *kw, *dict;
if (!PyArg_ParseTuple(state, "",
&fn, &fnargs, &kw, &dict))
return NU
New submission from Ned Williamson:
In function `_db_associateCallback` of the `_bsddb` module, associating two
databases with a callback that returns a sufficiently large list will lead to
heap corruption due an integer overflow on 32-bit Python.
>From `_bsddb.c`:
```
else
13 matches
Mail list logo
