illume avatar illume committed 51ea31f

Buffer overflow in event_str. Fixes #67

Thanks Tom Knight.

Comments (0)

Files changed (1)

 event_str (PyObject* self)
 {
     PyEventObject* e = (PyEventObject*)self;
-    char str[1024];
+    char *str;
     PyObject *strobj;
+    PyObject * pyobj;
     char *s;
+    int size;
 #if PY3
     PyObject *encodedobj;
 #endif
 #else
     s = PyString_AsString (strobj);
 #endif
+    size = (11 + strlen(name_from_eventtype (e->type)) + strlen(s) + sizeof(e->type) * 3 + 1);
+    str = (char *) PyMem_Malloc(size);
     sprintf (str, "<Event(%d-%s %s)>", e->type, name_from_eventtype (e->type),
              s);
 
     Py_DECREF (strobj);
-    return Text_FromUTF8 (str);
+
+    pyobj = Text_FromUTF8 (str);
+    PyMem_Free(str);
+
+    return (pyobj);
 }
 
 static int
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.