python / cpython

The Python programming language
https://www.python.org/

Fix for bug PR#341 (string formatting overflow) #32430

Closed bdaf8532-ded6-4d4c-9bb3-51fd76040dc1 closed 23 years ago

bdaf8532-ded6-4d4c-9bb3-51fd76040dc1 commented 23 years ago
BPO 400507
Nosy @malemburg, @gvanrossum
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


    GitHub fields:

    ```python
    assignee = 'https://github.com/malemburg'
    closed_at =
    created_at =
    labels = []
    title = 'Fix for bug PR#341 (string formatting overflow)'
    updated_at =
    user = 'https://bugs.python.org/tmick'
    ```

    bugs.python.org fields:

    ```python
    activity =
    actor = 'lemburg'
    assignee = 'lemburg'
    closed = True
    closed_date = None
    closer = None
    components = ['None']
    creation =
    creator = 'tmick'
    dependencies = []
    files = ['2438']
    hgrepos = []
    issue_num = 400507
    keywords = ['patch']
    message_count = 6.0
    messages = ['32692', '32693', '32694', '32695', '32696', '32697']
    nosy_count = 3.0
    nosy_names = ['lemburg', 'gvanrossum', 'tmick']
    pr_nums = []
    priority = 'normal'
    resolution = None
    stage = None
    status = 'closed'
    superseder = None
    type = None
    url = 'https://bugs.python.org/issue400507'
    versions = []
    ```

    bdaf8532-ded6-4d4c-9bb3-51fd76040dc1 commented 23 years ago
    gvanrossum commented 23 years ago

    Marc-Andre, please review this.

    bdaf8532-ded6-4d4c-9bb3-51fd76040dc1 commented 23 years ago

    I confirm that, to the best of my knowledge and belief, this contribution is free of any claims of third parties under copyright, patent or other rights or interests ("claims"). To the extent that I have any such claims, I hereby grant to CNRI a nonexclusive, irrevocable, royalty-free, worldwide license to reproduce, distribute, perform and/or display publicly, prepare derivative versions, and otherwise use this contribution as part of the Python software and its related documentation, or any derivative versions thereof, at no cost to CNRI or its licensed users, and to authorize others to do so.

    I acknowledge that CNRI may, at its sole discretion, decide whether or not to incorporate this contribution in the Python software and its related documentation. I further grant CNRI permission to use my name and other identifying information provided to CNRI by me for use in connection with the Python software and its related documentation.

    bdaf8532-ded6-4d4c-9bb3-51fd76040dc1 commented 23 years ago

    This patch fixes the string formatting overflow problem. It tries to do a little better than MAL's magic number (50) check.

    [Tim P on MAL's original patch]

    but I'll join Fred in objecting to the code it's mimicking: not only do magic numbers suck, but these particular magic numbers implicitly rely on PyString_Format's tmpbuf vector being declared of another magical size larger than them. As usual, flaky code gets flakier.

    My patch still uses the magic number for the temporary buffer. This seems to me a good practical limit. With the patch this buffer can no longer overflow (as well, it is faster than malloc'ing a perfect sized buffer every time).

    [MAL]

    A redesign would, of course, use a malloced buffer, the n-variants of printf() and add long support ;-) ... maybe for 1.7.

    No long support in this patch :(

    [Guido on MAL's original patch]

    Having read the patch and the discussion about magic numbers, I agree with Marc-Andre: let's apply the quick fix now, worry about correctness later.

    Maybe this patch is preferable.
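
The trade-off discussed in the comment above, as an added example (not the patch attached to this issue and not CPython's code): a fixed-size temporary buffer is kept, but the conversion goes through an n-variant of printf and the required length is checked, so no precision limit has to be guessed. The helper name `format_float_bounded`, the buffer size of 120 and the sample inputs are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define TMPBUF_SIZE 120  /* assumed size of the fixed temporary buffer */

/* Hypothetical helper: format x as "%<width>.<prec>f" into out.
 * Returns the formatted length, or -1 if the result does not fit
 * in outsz bytes (including the terminating NUL). */
static int format_float_bounded(char *out, size_t outsz,
                                int width, int prec, double x)
{
    int n;

    if (outsz == 0 || width < 0 || prec < 0)
        return -1;
    /* snprintf writes at most outsz bytes and returns the length the
     * complete result needs, so truncation is detected afterwards. */
    n = snprintf(out, outsz, "%*.*f", width, prec, x);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';   /* never hand back a truncated number */
        return -1;
    }
    return n;
}

int main(void)
{
    char tmpbuf[TMPBUF_SIZE];
    /* Constructed sample inputs: {width, precision, value}. */
    struct { int width, prec; double x; } cases[] = {
        { 0,   2,   3.14159 },  /* fits */
        { 0,   200, 1.0 },      /* precision alone exceeds the buffer */
        { 0,   2,   1e300 },    /* small precision, 301-digit integer part */
        { 500, 2,   1.0 },      /* width alone exceeds the buffer */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int n = format_float_bounded(tmpbuf, sizeof tmpbuf, cases[i].width,
                                     cases[i].prec, cases[i].x);
        if (n < 0)
            printf("case %zu: rejected, needs more than %d bytes\n", i, TMPBUF_SIZE);
        else
            printf("case %zu: \"%s\" (%d bytes)\n", i, tmpbuf, n);
    }
    return 0;
}
```

The `1e300` case shows why a check on precision alone is not sufficient for `%f`: the output length also depends on the magnitude of the value.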

    malemburg commented 23 years ago

    Ok, I'll look into this by the end of the week.

    malemburg commented 23 years ago

    Checked in.