>> > return=NULL; output=junk => out of memory
>> > return=junk; output=-1 => cannot do this
>> > return=pointer; output=value => did this, returned value bytes
>>
>> > I agree that the design is a bit questionable;
>>
>> It sure is. If you get both NULL and -1 returned, how are
>> you
> (there's still a possibility that someone checks in a fix without realizing that
> the original bug is an attack vector, but I don't think Coverity has discovered
> anything like that in the Python code base; we're mainly talking about leaks
> and null-pointer references here).
to clarify,
Martin v. Löwis wrote:
> > On the other hand, the exploit could be crafted based on reading the SVN
> > check-ins ...
>
> Sure. However, at that point, the bug is fixed (at least in SVN);
> crackers need to act comparatively fast then to exploit it. OTOH, if
> only the report was available, the pro
Alexander Schremmer wrote:
>>I can understand that position. The bugs they find include potential
>>security flaws, for which exploits could be created if the results are
>>freely available.
>
>
> On the other hand, the exploit could be crafted based on reading the SVN
> check-ins ...
Sure. How
On 3/14/06, Tim Peters <[EMAIL PROTECTED]> wrote:
> [Neal Norwitz]
> > ...
> > The public report says 15, but the current developer report shows 12.
> > I'm not sure why there is a discrepancy. All 12 are in ctypes which
> > was recently imported.
>
> I'm having a really hard time making sense of
[Neal Norwitz]
> ...
> The public report says 15, but the current developer report shows 12.
> I'm not sure why there is a discrepancy. All 12 are in ctypes which
> was recently imported.
I'm having a really hard time making sense of the UI on this. When I
looked at the Python project just now (
Greg Ewing wrote:
> Fredrik Lundh wrote:
>
> > return=NULL; output=junk => out of memory
> > return=junk; output=-1 => cannot do this
> > return=pointer; output=value => did this, returned value bytes
>
> > I agree that the design is a bit questionable;
>
> It sure is. If you get both
Fredrik Lundh wrote:
> return=NULL; output=junk => out of memory
> return=junk; output=-1 => cannot do this
> return=pointer; output=value => did this, returned value bytes
> I agree that the design is a bit questionable;
It sure is. If you get both NULL and -1 returned, how are
you
On Tue, 14 Mar 2006 00:55:52 +0100, "Martin v. Löwis" wrote:
> I can understand that position. The bugs they find include potential
> security flaws, for which exploits could be created if the results are
> freely available.
On the other hand, the exploit could be crafted based on reading the SV
Neal Norwitz wrote:
> Their reports were high quality and accurate.
absolutely (which is why I'm surprised that someone's using the unreviewed
numbers as a quality measure; guess I have to go back
and read the article to see who that was...)
> Of the false positives, it was difficult for the
On 3/13/06, Greg Ewing <[EMAIL PROTECTED]> wrote:
> Fredrik Lundh wrote:
>
> > > But I'm wondering if the actual "bugs" list was transmitted to Python
> > > developers, and verified / acted upon.
> >
> > and in case it wasn't clear from my previous post, the answer to
> > your specific quest
Jeff Epler wrote:
>>Because according to
>>http://www.washingtontechnology.com/news/1_1/daily_news/28134-1.html :
>>
>>"The maintainers of the source codes can register with Coverity to see
>>the full results. (End users cannot see the bug lists themselves; they
>>will be able to see how buggy a pa
On Mon, Mar 13, 2006 at 03:05:55PM +, fermigier wrote:
> Because according to
> http://www.washingtontechnology.com/news/1_1/daily_news/28134-1.html :
>
> "The maintainers of the source codes can register with Coverity to see
> the full results. (End users cannot see the bug lists themselves;
Fredrik Lundh wrote:
> > But I'm wondering if the actual "bugs" list was transmitted to Python
> > developers, and verified / acted upon.
>
> and in case it wasn't clear from my previous post, the answer to
> your specific question is "yes" ;-)
Could whoever did this perhaps post a brief de
"fermigier" wrote:
> But I'm wondering if the actual "bugs" list was transmitted to Python
> developers, and verified / acted upon.
and in case it wasn't clear from my previous post, the answer to
your specific question is "yes" ;-)
"fermigier" <[EMAIL PROTECTED]> wrote:
> "Perl had a defect density of only 0.186. In comparison Python had a
> defect density of 0.372 and PHP was actually above both the baseline and
> LAMP averages at 0.474."
>
> This is of course a PR stunt. But I'm wondering if the actual "bugs"
> list was tr
http://www.internetnews.com/dev-news/article.php/3589361
"Perl had a defect density of only 0.186. In comparison Python had a
defect density of 0.372 and PHP was actually above both the baseline and
LAMP averages at 0.474."
This is of course a PR stunt. But I'm wondering if the actual "bugs"
list
17 matches