[Python-modules-team] Bug#663189: buffer overflow in python-pyfribidi
Ralf Schmitt
ralf at systemexit.de
Fri Mar 9 09:11:26 UTC 2012
Package: python-pyfribidi
Architecture: i386
Source: pyfribidi
Version: 0.10.0-2
There's a buffer overflow in pyfribidi:
# python2.6 -c 'import pyfribidi; pyfribidi.log2vis(unichr(0x10000)*5)'
Segmentation fault
The reason is the following (see
https://github.com/pediapress/pyfribidi/issues/2):
fribidi_utf8_to_unicode consumes at most 3 bytes for a single unicode
character, i.e. it does not handle unicode characters above 0xffff. For a
4 byte utf-8 sequence it will generate 2 unicode characters, which
overflows the logical buffer.
It's fixed with
https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a
(or with pyfribidi 0.11 from pypi)
IMHO the issue is security relevant.
--
Cheers
Ralf
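Added example, not part of the original report and not fribidi or pyfribidi code: a simplified model of a decoder that consumes at most 3 bytes per character, next to a bounded decoder that handles 4-byte sequences and refuses to write past its output buffer. The names legacy_units, decode_bounded and SAMPLE are hypothetical, and the model assumes the caller sized the output buffer at one slot per code point.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: U+10000 five times as UTF-8 (20 bytes, 5 code points). */
static const unsigned char SAMPLE[] =
    "\xf0\x90\x80\x80\xf0\x90\x80\x80\xf0\x90\x80\x80\xf0\x90\x80\x80\xf0\x90\x80\x80";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* Simplified model (assumption) of a decoder that consumes at most 3 bytes
   per character. It only counts the output slots such a decoder would fill. */
size_t legacy_units(const unsigned char *s, size_t len) {
    size_t i = 0, n = 0;
    while (i < len) {
        i += s[i] <= 0x7f ? 1 : s[i] <= 0xdf ? 2 : 3;
        n++;
    }
    return n;
}

/* Bounded decoder: accepts 1- to 4-byte sequences, rejects malformed input,
   and never writes past cap. Returns the code point count, or -1 on error. */
long decode_bounded(const unsigned char *s, size_t len, uint32_t *out, size_t cap) {
    static const uint32_t min_cp[] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t i = 0, n = 0;
    while (i < len) {
        unsigned char b = s[i];
        size_t need = b < 0x80 ? 1 : (b & 0xe0) == 0xc0 ? 2 :
                      (b & 0xf0) == 0xe0 ? 3 : (b & 0xf8) == 0xf0 ? 4 : 0;
        if (need == 0 || need > len - i) return -1; /* bad lead or truncated */
        uint32_t cp = b & (need == 1 ? 0x7f : 0xff >> (need + 1));
        for (size_t k = 1; k < need; k++) {
            if ((s[i + k] & 0xc0) != 0x80) return -1; /* not a continuation */
            cp = (cp << 6) | (s[i + k] & 0x3f);
        }
        if (cp < min_cp[need] || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff))
            return -1;                              /* overlong or out of range */
        if (n >= cap) return -1;                    /* would overflow out[] */
        out[n++] = cp;
        i += need;
    }
    return (long)n;
}

int main(void) {
    uint32_t out[5]; /* one slot per code point */
    printf("legacy writes: %zu, bounded: %ld\n", legacy_units(SAMPLE, SAMPLE_LEN),
           decode_bounded(SAMPLE, SAMPLE_LEN, out, 5));
    return 0;
}
```

The model fills twice as many slots as there are code points for this input, which is the mismatch the report describes; the bounded version returns an error instead of writing when the capacity is too small.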