SF bug 485175: buffer overflow in traceback.c.

Bugfix candidate.
tb_displayline():  the sprintf format was choking off the file name, but
used plain %s for the function name (which can be arbitrarily long).
Limit both to 500 chars max.

diff --git a/Misc/ACKS b/Misc/ACKS
index 1975ced29f6e9af6162ca7d3910b8ea2a0dd3c93..0e9e07f99652b65d79e073ea721525dd0bce9064 100644 (file)
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -274,6 +274,7 @@ Grzegorz Makarewicz
 Ken Manheimer
 Vladimir Marangozov
 Doug Marien
+Alex Martelli
 Anthony Martin
 Roger Masse
 Nick Mathewson

diff --git a/Python/traceback.c b/Python/traceback.c
index 7bbf852cdc72e8c5143d9ac27ee022b093ed0cc5..6abde64de6dd312ca5d9f7399884e7c34527ea03 100644 (file)
--- a/Python/traceback.c
+++ b/Python/traceback.c
@@ -144,16 +144,16 @@ tb_displayline(PyObject *f, char *filename, int lineno, char *name)
 {
        int err = 0;
        FILE *xfp;
-       char linebuf[1000];
+       char linebuf[2000];
        int i;
        if (filename == NULL || name == NULL)
                return -1;
 #ifdef MPW
        /* This is needed by MPW's File and Line commands */
-#define FMT "  File \"%.900s\"; line %d # in %s\n"
+#define FMT "  File \"%.500s\"; line %d # in %.500s\n"
 #else
        /* This is needed by Emacs' compile command */
-#define FMT "  File \"%.900s\", line %d, in %s\n"
+#define FMT "  File \"%.500s\", line %d, in %.500s\n"
 #endif
        xfp = fopen(filename, "r");
        if (xfp == NULL) {