Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 6d20b43

Browse files
tim-onetim-one
committed
SF bug 485175: buffer overflow in traceback.c.
Bugfix candidate. tb_displayline(): the sprintf format was choking off the file name, but used plain %s for the function name (which can be arbitrarily long). Limit both to 500 chars max.
1 parent e274864 commit 6d20b43

2 files changed

Lines changed: 4 additions & 3 deletions

File tree

Misc/ACKS

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -274,6 +274,7 @@ Grzegorz Makarewicz
274274
Ken Manheimer
275275
Vladimir Marangozov
276276
Doug Marien
277+
Alex Martelli
277278
Anthony Martin
278279
Roger Masse
279280
Nick Mathewson

Python/traceback.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -144,16 +144,16 @@ tb_displayline(PyObject *f, char *filename, int lineno, char *name)
144144
{
145145
int err = 0;
146146
FILE *xfp;
147-
char linebuf[1000];
147+
char linebuf[2000];
148148
int i;
149149
if (filename == NULL || name == NULL)
150150
return -1;
151151
#ifdef MPW
152152
/* This is needed by MPW's File and Line commands */
153-
#define FMT " File \"%.900s\"; line %d # in %s\n"
153+
#define FMT " File \"%.500s\"; line %d # in %.500s\n"
154154
#else
155155
/* This is needed by Emacs' compile command */
156-
#define FMT " File \"%.900s\", line %d, in %s\n"
156+
#define FMT " File \"%.500s\", line %d, in %.500s\n"
157157
#endif
158158
xfp = fopen(filename, "r");
159159
if (xfp == NULL) {

0 commit comments

Comments
 (0)