From a48aa85da04fa158efa6a546cb7de6a1ac0b518b Mon Sep 17 00:00:00 2001 From: Benjamin Peterson Date: Fri, 3 Jun 2016 22:20:44 -0700 Subject: [PATCH] check the result of PyByteArray_Resize in readline() (closes #27211) --- Misc/NEWS | 2 ++ Modules/_io/iobase.c | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Misc/NEWS b/Misc/NEWS index 309cb62d856..71a9209a0a3 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -89,6 +89,8 @@ Core and Builtins Library ------- +- Issue #27211: Fix possible memory corruption in io.IOBase.readline(). + - Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError diff --git a/Modules/_io/iobase.c b/Modules/_io/iobase.c index ab6911ddcda..61756d0d2a6 100644 --- a/Modules/_io/iobase.c +++ b/Modules/_io/iobase.c @@ -529,7 +529,10 @@ iobase_readline(PyObject *self, PyObject *args) } old_size = PyByteArray_GET_SIZE(buffer); - PyByteArray_Resize(buffer, old_size + PyBytes_GET_SIZE(b)); + if (PyByteArray_Resize(buffer, old_size + PyBytes_GET_SIZE(b)) < 0) { + Py_DECREF(b); + goto fail; + } memcpy(PyByteArray_AS_STRING(buffer) + old_size, PyBytes_AS_STRING(b), PyBytes_GET_SIZE(b));