bpo-35214: Fix OOB memory access in unicode escape parser (GH-10506)

Discovered using clang's MemorySanitizer when it ran python3's
test_fstring test_misformed_unicode_character_name.

An msan build will fail by simply executing: ./python -c 'u"\N"'
This commit is contained in:
Gregory P. Smith 2018-11-13 13:16:54 -08:00 committed by GitHub
parent 00b137c72f
commit 746b2d35ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 1 deletions

View File

@ -0,0 +1,3 @@
Fixed an out of bounds memory access when parsing a truncated unicode
escape sequence at the end of a string such as ``'\N'``. It would read
one byte beyond the end of the memory allocation.

View File

@ -6069,7 +6069,7 @@ _PyUnicode_DecodeUnicodeEscape(const char *s,
}
message = "malformed \\N character escape";
if (*s == '{') {
if (s < end && *s == '{') {
const char *start = ++s;
size_t namelen;
/* look for the closing brace */