Message 78312 - Python tracker

Message78312

Author	vstinner
Recipients	ebfe, pitrou, vstinner
Date	2008-12-26.22:32:36
SpamBayes Score	1.2400083e-05
Marked as misclassified	No
Message-id	<1230330757.97.0.710407230501.issue4751@psf.upfronthosting.co.za>
In-reply-to

Content
If view.len is negative, EVP_hash() may read invalid memory :-/ Be careful of integer overflow in this block: Py_ssize_t offset = 0, sublen = len; while (sublen) { unsigned int process = sublen > MUNCH_SIZE ? MUNCH_SIZE : sublen; ... } You removed Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int) which should be used (eg. on process?). Note: you might modify len directly instead of using a second variable (sublen), and cp instead of using an offset.

Content

If view.len is negative, EVP_hash() may read invalid memory :-/ Be 
careful of integer overflow in this block:

   Py_ssize_t offset = 0, sublen = len;
   while (sublen) {
      unsigned int process = sublen > MUNCH_SIZE ? MUNCH_SIZE : 
sublen;
      ...
   }

You removed Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int) which 
should be used (eg. on process?).

Note: you might modify len directly instead of using a second variable 
(sublen), and cp instead of using an offset.

History
Date	User	Action	Args
2008-12-26 22:32:38	vstinner	set	recipients: + vstinner, pitrou, ebfe
2008-12-26 22:32:37	vstinner	set	messageid: <1230330757.97.0.710407230501.issue4751@psf.upfronthosting.co.za>
2008-12-26 22:32:37	vstinner	link	issue4751 messages
2008-12-26 22:32:36	vstinner	create