[Python-modules-team] Bug#663189: buffer overflow in python-pyfribidi
Jakub Wilk
jwilk at debian.org
Fri Mar 9 11:26:27 UTC 2012
severity 663189 grave
tags 663189 + confirmed security
thanks
* Ralf Schmitt <ralf at systemexit.de>, 2012-03-09, 10:11:
># python2.6 -c 'import pyfribidi; pyfribidi.log2vis(unichr(0x10000)*5)'
>Segmentation fault
>
>The reason is the following (see
>https://github.com/pediapress/pyfribidi/issues/2):
>
>fribidi_utf8_to_unicode consumes at most 3 bytes for a single unicode
>character, i.e. it does not handle unicode characters above 0xffff.

As far as I can see this is not true. In Debian, we allocate 4 bytes per
character. (An upstream version, which the Debian package is based on,
is completely broken in this respect: it allocates a buffer of static
size. See bug #570068.)

>For a 4 byte utf-8 sequence it will generate 2 unicode characters,
>which overflows the logical buffer.

I'm confused. What is "it" in your sentence? Why 2 Unicode characters?
Anyway, I tried to double the buffer size (8 bytes per character of the
original string) but this didn't fix the crash. So likely the problem
lies somewhere else.

--
Jakub Wilk
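
An added illustration, not code from this thread, pyfribidi or FriBidi: a hypothetical decoder, `decode_max3`, modelled only on the quoted description ("consumes at most 3 bytes"), wants more output slots than the input has characters once 4-byte sequences appear, while `decode_bounded` accepts 4-byte sequences and checks capacity before every write. The function names and sample bytes are constructed for this example, and nothing here establishes how fribidi_utf8_to_unicode itself behaves.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: U+10000 five times as UTF-8 (F0 90 80 80 each). */
static const unsigned char SAMPLE[] = {
    0xF0,0x90,0x80,0x80, 0xF0,0x90,0x80,0x80, 0xF0,0x90,0x80,0x80,
    0xF0,0x90,0x80,0x80, 0xF0,0x90,0x80,0x80 };

/* Hypothetical decoder whose longest case is 3 bytes. Returns how many
 * elements it wants to emit; stores at most cap of them. */
size_t decode_max3(const unsigned char *s, size_t len, uint32_t *out, size_t cap) {
    size_t i = 0, n = 0;
    while (i < len) {
        size_t need = s[i] < 0x80 ? 1 : s[i] < 0xE0 ? 2 : 3;
        if (need > len - i) need = len - i;  /* keep the model from over-reading */
        if (n < cap) out[n] = s[i];          /* value is irrelevant, the count matters */
        n++;
        i += need;
    }
    return n;
}

/* Bounded decoder: accepts 4-byte sequences, returns -1 on a bad lead or
 * continuation byte, truncation, or a full buffer. No overlong/surrogate checks. */
long decode_bounded(const unsigned char *s, size_t len, uint32_t *out, size_t cap) {
    size_t i = 0, n = 0;
    while (i < len) {
        unsigned char b = s[i];
        size_t need = b < 0x80 ? 1 : (b & 0xE0) == 0xC0 ? 2
                    : (b & 0xF0) == 0xE0 ? 3 : (b & 0xF8) == 0xF0 ? 4 : 0;
        if (need == 0 || need > len - i || n >= cap) return -1;
        uint32_t cp = need == 1 ? b : (uint32_t)(b & (0xFF >> (need + 1)));
        for (size_t k = 1; k < need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return -1;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        out[n++] = cp;
        i += need;
    }
    return (long)n;
}

int main(void) {
    uint32_t buf[5];  /* sized for the 5 characters in SAMPLE */
    printf("max3 wants %zu slots\n", decode_max3(SAMPLE, sizeof SAMPLE, buf, 5));
    printf("bounded wrote %ld\n", decode_bounded(SAMPLE, sizeof SAMPLE, buf, 5));
    return 0;
}
```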