Mailinglist Archive: opensuse-bugs (4498 mails)

< Previous Next >
[Bug 964182] python has multiple bogus integer overflow checks
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 02 Feb 2016 10:03:31 +0000
  • Message-id: <bug-964182-21960-HosE4SrWmG@http.bugzilla.novell.com/>
http://bugzilla.novell.com/show_bug.cgi?id=964182
http://bugzilla.novell.com/show_bug.cgi?id=964182#c8

--- Comment #8 from Richard Biener <rguenther@xxxxxxxx> ---
Note that I did only mimimal fixing to make the testsuite succeed again for the
GCC 6 transition in openSUSE:Factory:Staging:Gcc6. The reason I reported the
issue here and to you is so you can implement a proper fix or direct the
packager to do so (I'm not the python packager).

The reason I got you in loop is because GCC (even older versions) likely
optimize
away some of those broken overflow checks and thus effectively python does not
perform any such overflow checks at runtime. That would be the security issue
to fix (if the compiler doesn't optimize them even the "broken" overflow checks
work in practice).

Note that I didn't notice any testsuite issues with python3 - maybe because
the issues are already fixed there or maybe because they are obfuscated enough
for GCC to not optimize them or maybe because these cases are no longer
exercised by the testsuite.

Note that I also only audited the files where affected testcases operated
(the three files patched). Other sources likely contain similar issues.

Thus a full review is necessary here.

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >