traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[2.7] bpo-35214: Fix OOB memory access in unicode escape parser (GH-10506) (GH-10538) 

Discovered using clang's MemorySanitizer.

A msan build will fail by simply executing: ./python -c 'u"\N"'
(cherry picked from commit 746b2d3)

Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google LLC]
This commit is contained in:
Gregory P. Smith 2018-11-14 11:55:07 -08:00 committed by GitHub
parent 815fa49d10
commit b6f4472dc4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst Normal file
View File

@ -0,0 +1,3 @@
Fixed an out of bounds memory access when parsing a truncated unicode escape
sequence at the end of a string such as ``u'\N'``. It would read one byte
beyond the end of the memory allocation.

2
Objects/unicodeobject.c
View File

@ -2950,7 +2950,7 @@ PyObject *PyUnicode_DecodeUnicodeEscape(const char *s,
if (ucnhash_CAPI == NULL) if (ucnhash_CAPI == NULL)
goto ucnhashError; goto ucnhashError;
} }
if (*s == '{') { if (s < end && *s == '{') {
const char *start = s+1; const char *start = s+1;
/* look for the closing brace */ /* look for the closing brace */
while (*s != '}' && s < end) while (*s != '}' && s < end)