bpo-35214: Fix OOB memory access in unicode escape parser (GH-10506)
Discovered using clang's MemorySanitizer when it ran python3's test_fstring test_misformed_unicode_character_name. An msan build will fail by simply executing: ./python -c 'u"\N"'
This commit is contained in:
parent
00b137c72f
commit
746b2d35ea
|
@ -0,0 +1,3 @@
|
|||
Fixed an out of bounds memory access when parsing a truncated unicode
|
||||
escape sequence at the end of a string such as ``'\N'``. It would read
|
||||
one byte beyond the end of the memory allocation.
|
|
@ -6069,7 +6069,7 @@ _PyUnicode_DecodeUnicodeEscape(const char *s,
|
|||
}
|
||||
|
||||
message = "malformed \\N character escape";
|
||||
if (*s == '{') {
|
||||
if (s < end && *s == '{') {
|
||||
const char *start = ++s;
|
||||
size_t namelen;
|
||||
/* look for the closing brace */
|
||||
|
|
Loading…
Reference in New Issue