[issue4317] Buffer overflow in imageop module

Amaury Forgeot d'Arc <[EMAIL PROTECTED]> added the comment: Fixed in revisions r67266, 67267, r67268, r67270: (trunk, 2.6, 2.5, 2.4) -- resolution: -> fixed status: open -> closed ___ Python tracker <[EMAIL PROTECTED]>

[issue4317] Buffer overflow in imageop module

STINNER Victor <[EMAIL PROTECTED]> added the comment: When I wrote my patch to fix division by zero (and detection of -n * -n overflow), I also wrote a script to test imageop module. I fixed the limit of the input string to 1024 bytes, and so the rgb crash was not detected. Here is my script w

[issue4317] Buffer overflow in imageop module

Benjamin Peterson <[EMAIL PROTECTED]> added the comment: Looks good. -- keywords: -needs review nosy: +benjamin.peterson ___ Python tracker <[EMAIL PROTECTED]> ___ ___

[issue4317] Buffer overflow in imageop module

Amaury Forgeot d'Arc <[EMAIL PROTECTED]> added the comment: Of course I uploaded the wrong patch. Trying again. Added file: http://bugs.python.org/file12002/rgbcrash.diff ___ Python tracker <[EMAIL PROTECTED]> __

[issue4317] Buffer overflow in imageop module

Changes by Amaury Forgeot d'Arc <[EMAIL PROTECTED]>: Removed file: http://bugs.python.org/file12001/rgbcrash.diff ___ Python tracker <[EMAIL PROTECTED]> ___ ___

[issue4317] Buffer overflow in imageop module

STINNER Victor <[EMAIL PROTECTED]> added the comment: Ooops. That's why I asked for one or more reviewers :-) -- nosy: +haypo ___ Python tracker <[EMAIL PROTECTED]> ___ ___

[issue4317] Buffer overflow in imageop module

New submission from Amaury Forgeot d'Arc <[EMAIL PROTECTED]>: The interpreter sometimes segfaults when running the test suite, in test_imageop. A more reliable crasher is: >>> import imageop >>> s = "A" * 32000 >>> imageop.rgb2rgb8(s, 1, len(s)) The failure was recently introduced by r66689, a