backport 2.35:

 SF bug 485175:  buffer overflow in
 traceback.c.  Bugfix candidate.  tb_displayline():  the sprintf
 format was choking off the file name, but used plain %s for the
 function name (which can be arbitrarily long).  Limit both to 500
 chars max.

diff --git a/Python/traceback.c b/Python/traceback.c
index c17dbe2d6e5aed5839efd4f5b679c17815854280..19dfc16241c6449398f40af5e492c9b71fc0edb6 100644 (file)
--- a/Python/traceback.c
+++ b/Python/traceback.c
@@ -103,16 +103,16 @@ tb_displayline(PyObject *f, char *filename, int lineno, char *name)
 {
        int err = 0;
        FILE *xfp;
-       char linebuf[1000];
+       char linebuf[2000];
        int i;
        if (filename == NULL || name == NULL)
                return -1;
 #ifdef MPW
        /* This is needed by MPW's File and Line commands */
-#define FMT "  File \"%.900s\"; line %d # in %s\n"
+#define FMT "  File \"%.500s\"; line %d # in %.500s\n"
 #else
        /* This is needed by Emacs' compile command */
-#define FMT "  File \"%.900s\", line %d, in %s\n"
+#define FMT "  File \"%.500s\", line %d, in %.500s\n"
 #endif
        xfp = fopen(filename, "r");
        if (xfp == NULL) {