[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[pygame] PATCH needs review. event str buffer over flow

To: pygame-users@xxxxxxxx
Subject: [pygame] PATCH needs review. event str buffer over flow
From: René Dudfield <renesd@xxxxxxxxx>
Date: Tue, 23 Aug 2011 15:30:16 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: pygame-users-outgoing@xxxxxxxx
Delivered-to: pygame-users@xxxxxxxx
Delivery-date: Tue, 23 Aug 2011 09:30:23 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=wvE4ucFc43toIbfFyJ3IFQ9ZD4Z7UnMyxZvNcxcb4d4=; b=uPTjTOtp0DzGekWIBI5LcRXs7AOtwpOqMeJjx6U80kOtbAsVihTQGf3j2K1kX5Ui36 NZ4seyiKWGviEPscmQ39ZrBFOSJNYLLlSivW3VDIBbazeHLX4s3FRa/JIV1duyx1qLb6 aaC0nm4nIwwrqVTAK2VkjRZVOLjvt7QRcdC54=
Reply-to: pygame-users@xxxxxxxx
Sender: owner-pygame-users@xxxxxxxx

Hi,

I just noticed this bug and patch on the issue tracker:
https://bitbucket.org/pygame/pygame/issue/67/event_str-buffer-overflow

I'm not quite sure about the string size calculation, so was wondering if someone else could review it too... Where does the 11 come from? I think it comes from the 11 extra characters in the formatted string. The +1 is there for the null byte at the end of the string. Does that sound ok?

I added a test for it based on the test in the issue, and it seems to pass now. Where it used to do a buffer overflow.

cheers,

Follow-Ups:
- Re: [pygame] PATCH needs review. event str buffer over flow
  - From: Lenard Lindstrom

Prev by Author: [pygame] Re: marking issues for 1.9.2 release
Next by Author: Re: [pygame] PATCH needs review. event str buffer over flow
Previous by thread: Re: [pygame] Re: marking issues for 1.9.2 release
Next by thread: Re: [pygame] PATCH needs review. event str buffer over flow
Index(es):
- Author
- Thread