[issue17016] _sre: avoid relying on pointer overflow

2013-10-31 Thread STINNER Victor
Changes by STINNER Victor : -- nosy: +haypo ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python

[issue17016] _sre: avoid relying on pointer overflow

2013-04-13 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Thank you, Nickolai, for the patch. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Un

[issue17016] _sre: avoid relying on pointer overflow

2013-04-13 Thread Serhiy Storchaka
Changes by Serhiy Storchaka : -- components: +Extension Modules resolution: -> fixed stage: patch review -> committed/rejected status: open -> closed versions: -Python 3.2 ___ Python tracker _

[issue17016] _sre: avoid relying on pointer overflow

2013-04-13 Thread Roundup Robot
Roundup Robot added the comment: New changeset 27162465316f by Serhiy Storchaka in branch '2.7': Issue #17016: Get rid of possible pointer wraparounds and integer overflows http://hg.python.org/cpython/rev/27162465316f New changeset 2673d207c524 by Serhiy Storchaka in branch '3.3': Issue #17016:

[issue17016] _sre: avoid relying on pointer overflow

2013-03-14 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Of course it would be nice to have the tests for so much cases as possible, but I am afraid that it will not be easy. The patch LGTM. -- ___ Python tracker _

[issue17016] _sre: avoid relying on pointer overflow

2013-03-11 Thread Nickolai Zeldovich
Nickolai Zeldovich added the comment: I get an HTTP error when trying to upload another patch through Rietveld, so here's a revised patch that avoids the need for Py_uintptr_t (thanks Serhiy). -- Added file: http://bugs.python.org/file29379/pp-3.patch __

[issue17016] _sre: avoid relying on pointer overflow

2013-03-11 Thread Nickolai Zeldovich
Nickolai Zeldovich added the comment: I just submitted the contributor form -- thanks for the reminder. -- ___ Python tracker ___ ___

[issue17016] _sre: avoid relying on pointer overflow

2013-03-11 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Nickolai, can you please submit a contributor form? http://python.org/psf/contrib/contrib-form/ http://python.org/psf/contrib/ -- ___ Python tracker

[issue17016] _sre: avoid relying on pointer overflow

2013-03-10 Thread Nickolai Zeldovich
Nickolai Zeldovich added the comment: Sorry for the delay. Attached is an updated patch that should fix all of the issues mentioned in this bug report. -- Added file: http://bugs.python.org/file29368/pp-2.patch ___ Python tracker

[issue17016] _sre: avoid relying on pointer overflow

2013-02-16 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Nickolai, are you want to update your patch with fixes for other possible pointer overflows? Note, that the maximal repetition number has been increased now. -- assignee: -> serhiy.storchaka ___ Python tracker <

[issue17016] _sre: avoid relying on pointer overflow

2013-01-23 Thread Nickolai Zeldovich
Nickolai Zeldovich added the comment: For an unsigned int offset, see my original bug report: gcc eliminates the check altogether, since offset >= 0 by definition. -- ___ Python tracker ___

[issue17016] _sre: avoid relying on pointer overflow

2013-01-23 Thread Matthew Barnett
Matthew Barnett added the comment: You're checking "int offset", but what happens with "unsigned int offset"? -- ___ Python tracker ___ __

[issue17016] _sre: avoid relying on pointer overflow

2013-01-23 Thread Nickolai Zeldovich
Nickolai Zeldovich added the comment: Lines 2777 and 3111 do indeed look suspect, because gcc can compile (ptr + offset < ptr) into (offset < 0): nickolai@sahara:/tmp$ cat x.c void bar(); void foo(char* ptr, int offset) { if (ptr + offset < ptr) bar(); } nickolai@sahara:/tmp$ gcc x.c -S

[issue17016] _sre: avoid relying on pointer overflow

2013-01-22 Thread Matthew Barnett
Matthew Barnett added the comment: Lines 1000 and 1084 will be a problem only if you're near the top of the address space. This is because: 1. ctx->pattern[1] will always be <= ctx->pattern[2]. 2. A value of 65535 in ctx->pattern[2] means unlimited, even though SRE_CODE is now UCS4. See also

[issue17016] _sre: avoid relying on pointer overflow

2013-01-22 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: LGTM. There are other doubtful places, at lines: 658, 678, 1000, 1084, 2777, 3111. -- ___ Python tracker ___

[issue17016] _sre: avoid relying on pointer overflow

2013-01-22 Thread Ezio Melotti
Changes by Ezio Melotti : -- components: +Regular Expressions -None nosy: +ezio.melotti, mark.dickinson, mrabarnett, serhiy.storchaka stage: -> patch review versions: +Python 2.7, Python 3.2, Python 3.3, Python 3.4 -Python 3.5 ___ Python tracker

[issue17016] _sre: avoid relying on pointer overflow

2013-01-22 Thread Nickolai Zeldovich
New submission from Nickolai Zeldovich: Modules/_sre.c relies on pointer overflow in 5 places to check that the supplied offset does not cause wraparound when added to a base pointer; e.g.: SRE_CODE prefix_len; GET_ARG; prefix_len = arg;