traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Issue #24467: Fixed possible buffer over-read in bytearray. The bytearray 

object now always allocates place for trailing null byte and it's buffer now
is always null-terminated.
This commit is contained in:
Serhiy Storchaka 2015-06-29 21:14:06 +03:00
parent 50373e6c21
commit 7b6e3b91f5
3 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Lib/test/test_bytes.py
View File

@ -1030,10 +1030,27 @@ class ByteArrayTest(BaseBytesTest, unittest.TestCase):
for i in range(100): for i in range(100):
b += b"x" b += b"x"
alloc = b.__alloc__() alloc = b.__alloc__()
self.assertTrue(alloc >= len(b)) self.assertGreater(alloc, len(b)) # including trailing null byte
if alloc not in seq: if alloc not in seq:
seq.append(alloc) seq.append(alloc)
def test_init_alloc(self):
b = bytearray()
def g():
for i in range(1, 100):
yield i
a = list(b)
self.assertEqual(a, list(range(1, len(a)+1)))
self.assertEqual(len(b), len(a))
self.assertLessEqual(len(b), i)
alloc = b.__alloc__()
self.assertGreater(alloc, len(b)) # including trailing null byte
b.__init__(g())
self.assertEqual(list(b), list(range(1, 100)))
self.assertEqual(len(b), 99)
alloc = b.__alloc__()
self.assertGreater(alloc, len(b))
def test_extend(self): def test_extend(self):
orig = b'hello' orig = b'hello'
a = bytearray(orig) a = bytearray(orig)

4
Misc/NEWS
View File

@ -10,6 +10,10 @@ Release date: tba
Core and Builtins Core and Builtins
----------------- -----------------
- Issue #24467: Fixed possible buffer over-read in bytearray. The bytearray
object now always allocates place for trailing null byte and it's buffer now
is always null-terminated.
- Issue #24115: Update uses of PyObject_IsTrue(), PyObject_Not(), - Issue #24115: Update uses of PyObject_IsTrue(), PyObject_Not(),
PyObject_IsInstance(), PyObject_RichCompareBool() and _PyDict_Contains() PyObject_IsInstance(), PyObject_RichCompareBool() and _PyDict_Contains()
to check for and handle errors correctly. to check for and handle errors correctly.

4
Objects/bytearrayobject.c
View File

@ -854,8 +854,10 @@ bytearray_init(PyByteArrayObject *self, PyObject *args, PyObject *kwds)
goto error; goto error;
/* Append the byte */ /* Append the byte */
if (Py_SIZE(self) < self->ob_alloc) if (Py_SIZE(self) + 1 < self->ob_alloc) {
Py_SIZE(self)++; Py_SIZE(self)++;
PyByteArray_AS_STRING(self)[Py_SIZE(self)] = '\0';
}
else if (PyByteArray_Resize((PyObject *)self, Py_SIZE(self)+1) < 0) else if (PyByteArray_Resize((PyObject *)self, Py_SIZE(self)+1) < 0)
goto error; goto error;
PyByteArray_AS_STRING(self)[Py_SIZE(self)-1] = value; PyByteArray_AS_STRING(self)[Py_SIZE(self)-1] = value;