From: Tim Peters Date: Tue, 27 Nov 2001 20:30:42 +0000 (+0000) Subject: SF bug 485175: buffer overflow in traceback.c. X-Git-Tag: v2.2.1c1~695 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6d20b43a4e3255e4b4fe4468861abf72166d9acf;p=python SF bug 485175: buffer overflow in traceback.c. Bugfix candidate. tb_displayline(): the sprintf format was choking off the file name, but used plain %s for the function name (which can be arbitrarily long). Limit both to 500 chars max. --- diff --git a/Misc/ACKS b/Misc/ACKS index 1975ced29f..0e9e07f996 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -274,6 +274,7 @@ Grzegorz Makarewicz Ken Manheimer Vladimir Marangozov Doug Marien +Alex Martelli Anthony Martin Roger Masse Nick Mathewson diff --git a/Python/traceback.c b/Python/traceback.c index 7bbf852cdc..6abde64de6 100644 --- a/Python/traceback.c +++ b/Python/traceback.c @@ -144,16 +144,16 @@ tb_displayline(PyObject *f, char *filename, int lineno, char *name) { int err = 0; FILE *xfp; - char linebuf[1000]; + char linebuf[2000]; int i; if (filename == NULL || name == NULL) return -1; #ifdef MPW /* This is needed by MPW's File and Line commands */ -#define FMT " File \"%.900s\"; line %d # in %s\n" +#define FMT " File \"%.500s\"; line %d # in %.500s\n" #else /* This is needed by Emacs' compile command */ -#define FMT " File \"%.900s\", line %d, in %s\n" +#define FMT " File \"%.500s\", line %d, in %.500s\n" #endif xfp = fopen(filename, "r"); if (xfp == NULL) {
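Review bot: In the Python/traceback.c hunk, the safety of `char linebuf[2000];` in tb_displayline() rests on hand arithmetic against the two `%.500s` precisions in FMT, and nothing in the code ties those numbers together, so a later edit to either FMT variant or to the buffer size can silently reintroduce the overflow. The worst case does fit today (two strings of at most 500 bytes each, plus the fixed text and the `%d` digits, is well under 2000), but please add a comment next to the declaration stating that bound, or format through a length-bounded call that takes sizeof(linebuf) so the limit is enforced at the call site rather than only by the format string. Both the MPW and the Emacs variant of FMT need to stay in step, which is a further reason to state the invariant once in a comment above the #ifdef. The file name precision also drops from 900 to 500, so paths between 500 and 900 bytes that used to print in full are now cut off in the traceback line; a short code comment saying the truncation is intentional would help whoever next reads a clipped path.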