Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 159424 Details for
Bug 230640
dev-lang/python <2.4.4-r14 integer overflows (CVE-2008-2315, CVE-2008-2316)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
misc fixes 2.5
MISC-FIXES-release25-maint.diff (text/plain), 1.62 KB, created by
Matthias Geerdsen (RETIRED)
on 2008-07-03 14:46:36 UTC
(
hide
)
Description:
misc fixes 2.5
Filename:
MIME Type:
Creator:
Matthias Geerdsen (RETIRED)
Created:
2008-07-03 14:46:36 UTC
Size:
1.62 KB
patch
obsolete
>Index: Modules/bz2module.c >=================================================================== >--- Modules/bz2module.c (revision 64642) >+++ Modules/bz2module.c (working copy) >@@ -525,7 +525,7 @@ > buffersize = Util_NewBufferSize((size_t)0); > else > buffersize = bytesrequested; >- if (buffersize > INT_MAX) { >+ if (buffersize > PY_SSIZE_T_MAX) { > PyErr_SetString(PyExc_OverflowError, > "requested number of bytes is " > "more than a Python string can hold"); >Index: Objects/fileobject.c >=================================================================== >--- Objects/fileobject.c (revision 64642) >+++ Objects/fileobject.c (working copy) >@@ -831,7 +831,6 @@ > long bytesrequested = -1; > size_t bytesread, buffersize, chunksize; > PyObject *v; >- > if (f->f_fp == NULL) > return err_closed(); > /* refuse to mix with f.next() */ >@@ -845,6 +844,7 @@ > buffersize = new_buffersize(f, (size_t)0); > else > buffersize = bytesrequested; >+ > if (buffersize > PY_SSIZE_T_MAX) { > PyErr_SetString(PyExc_OverflowError, > "requested number of bytes is more than a Python string can hold"); >@@ -1075,7 +1075,7 @@ > * into its buffer. > */ > total_v_size = MAXBUFSIZE << 1; >- v = PyString_FromStringAndSize((char*)NULL, (int)total_v_size); >+ v = PyString_FromStringAndSize((char*)NULL, total_v_size); > if (v == NULL) > return v; > /* copy over everything except the last null byte */ >@@ -1130,7 +1130,7 @@ > Py_DECREF(v); > return NULL; > } >- if (_PyString_Resize(&v, (int)total_v_size) < 0) >+ if (_PyString_Resize(&v, (Py_ssize_t)total_v_size) < 0) > return NULL; > /* overwrite the trailing null byte */ > pvfree = BUF(v) + (prev_v_size - 1);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 230640
:
159416
|
159418
|
159420
|
159422
|
159424
|
159426
|
160652
|
160655
|
161580
|
161588
|
161617