[Python-Dev] Should we fix these errors?
Christian Heimes
christian at python.org
Sat Jul 23 09:22:47 EDT 2016
More information about the Python-Dev mailing list
Sat Jul 23 09:22:47 EDT 2016
- Previous message (by thread): [Python-Dev] Should we fix these errors?
- Next message (by thread): [Python-Dev] Should we fix these errors?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2016-07-22 16:36, Guido van Rossum wrote: > Somebody did some research and found some bugs in CPython (IIUC). The > published some questionable fragments. If there's a volunteer we could > probably easily fix these. (I know we already have occasional Coverity > scans and there are other tools too (anybody try lgtm yet?) But this > seems honest research (also Python leaves Ruby in the dust :-): > > http://www.viva64.com/en/b/0414/ I had a closer look at the report. About half of the bugs, maybe more are not in the C code of CPython but in OpenSSL code. I really mean OpenSSL code, not _ssl.c and _hashopenssl.c. It's safe to assume that they forgot to exclude external dependencies. The issues in ASN1_PRINTABLE_type() [N2], BN_mask_bits() [N4 bn_lib.c, digest.c, evp_enc.c], dh_cms_set_peerkey() [N5, dh_ameth.c] and cms_env_set_version() [N6, cms_env.c] are all OpenSSL issues and should be reported to OpenSSL. Guido, did the company contact you or do you have Pavel Belikov's email address? Christian
- Previous message (by thread): [Python-Dev] Should we fix these errors?
- Next message (by thread): [Python-Dev] Should we fix these errors?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list