Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

#3322: bounds checking for _json.scanstring

This commit is contained in:
Bob Ippolito 2008-07-19 21:59:50 +00:00
parent 0147a761b1
commit d648f64a53
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Modules/_json.c
View File

@ -235,6 +235,10 @@ scanstring_str(PyObject *pystr, Py_ssize_t end, char *encoding, int strict)
if (chunks == NULL) { if (chunks == NULL) {
goto bail; goto bail;
} }
if (end < 0 || len <= end) {
PyErr_SetString(PyExc_ValueError, "end is out of bounds");
goto bail;
}
while (1) { while (1) {
/* Find the end of the string or the next escape */ /* Find the end of the string or the next escape */
Py_UNICODE c = 0; Py_UNICODE c = 0;
@ -245,7 +249,7 @@ scanstring_str(PyObject *pystr, Py_ssize_t end, char *encoding, int strict)
break; break;
} }
else if (strict && c <= 0x1f) { else if (strict && c <= 0x1f) {
raise_errmsg("Invalid control character at", pystr, begin); raise_errmsg("Invalid control character at", pystr, next);
goto bail; goto bail;
} }
} }
@ -396,6 +400,10 @@ scanstring_unicode(PyObject *pystr, Py_ssize_t end, int strict)
if (chunks == NULL) { if (chunks == NULL) {
goto bail; goto bail;
} }
if (end < 0 || len <= end) {
PyErr_SetString(PyExc_ValueError, "end is out of bounds");
goto bail;
}
while (1) { while (1) {
/* Find the end of the string or the next escape */ /* Find the end of the string or the next escape */
Py_UNICODE c = 0; Py_UNICODE c = 0;
@ -406,7 +414,7 @@ scanstring_unicode(PyObject *pystr, Py_ssize_t end, int strict)
break; break;
} }
else if (strict && c <= 0x1f) { else if (strict && c <= 0x1f) {
raise_errmsg("Invalid control character at", pystr, begin); raise_errmsg("Invalid control character at", pystr, next);
goto bail; goto bail;
} }
} }