[Bug 395204] Re: python-gdchart causes python to crash

Kees Cook kees at ubuntu.com
Fri Jul 10 21:08:27 UTC 2009


It seems that PyString_Size and PyString_AsString aren't getting along?

        slen = PyString_Size(pstr);
        if (slen = 0)
            goto cleanup;
        mem = malloc((size_t)slen+1);
        if (mem == NULL){
            PyErr_NoMemory();
            goto cleanup;
        }
        char *fun = PyString_AsString(pstr);
        printf("slen:%d strlen(fun):%d\n", slen, strlen(fun));
        strcpy(mem, PyString_AsString(pstr));

This prints: 
slen:0 strlen(fun):1

with the above example script.  Perhaps it should be using
PyString_AsStringAndSize?  Or just use strdup...

Regardless, this does not appear to be a security issue, but a "normal"
bug.  Thanks for the backtrace and details!

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

-- 
python-gdchart causes python to crash
https://bugs.launchpad.net/bugs/395204
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
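Added example, not part of the original message or of python-gdchart: in the snippet as posted, `if (slen = 0)` is an assignment, so `slen` is 0 by the time `malloc` and the debug `printf` run. The sketch below models that length handling beside a version that compares and copies by the stored length. `struct pystr` and all function names are hypothetical stand-ins so it builds without the Python headers, and the one-character input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a Python string object: bytes plus stored length. */
struct pystr { const char *data; long size; };

/* Size the posted code hands to malloc(). The page has `if (slen = 0)`;
 * the extra parentheses here only silence the compiler's -Wparentheses warning. */
size_t posted_alloc_size(const struct pystr *s)
{
    long slen = s->size;
    if ((slen = 0))          /* assignment: slen is now 0, condition is false */
        return 0;            /* never taken */
    return (size_t)slen + 1; /* always 1, whatever the real length was */
}

/* Bytes strcpy() writes into the destination: the string plus its NUL. */
size_t strcpy_write_size(const struct pystr *s)
{
    return strlen(s->data) + 1;
}

/* Corrected pattern: compare instead of assign, and copy by the stored
 * length so allocation size and copy size cannot disagree. */
char *copy_checked(const struct pystr *s, size_t *out_len)
{
    long slen = s->size;
    char *mem;

    if (slen <= 0)
        return NULL;
    mem = malloc((size_t)slen + 1);
    if (mem == NULL)
        return NULL;
    memcpy(mem, s->data, (size_t)slen);
    mem[slen] = '\0';
    *out_len = (size_t)slen;
    return mem;
}

int main(void)
{
    struct pystr s = { "A", 1 };  /* constructed input, matches strlen(fun):1 */
    size_t n = 0;
    char *c = copy_checked(&s, &n);

    printf("posted:  malloc(%zu), strcpy writes %zu bytes\n",
           posted_alloc_size(&s), strcpy_write_size(&s));
    printf("checked: copied %zu byte(s): \"%s\"\n", n, c ? c : "");
    free(c);
    return 0;
}
```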



