From fd00916c2e460a8cf16acc46409469d19bc48805 Mon Sep 17 00:00:00 2001 From: Alexandre Vassalotti Date: Tue, 7 Jul 2009 02:17:30 +0000 Subject: [PATCH] Grow the allocated buffer in PyUnicode_EncodeUTF7 to avoid buffer overrun. Without this change, test_unicode.UnicodeTest.test_codecs_utf7 crashes in debug mode. What happens is the unicode string u'\U000abcde' with a length of 1 encodes to the string '+2m/c3g-' of length 8. Since only 5 bytes is reserved in the buffer, a buffer overrun occurs. --- Objects/unicodeobject.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index c42cd0c6b33..0b23e71f3d5 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -1752,7 +1752,7 @@ PyObject *PyUnicode_EncodeUTF7(const Py_UNICODE *s, { PyObject *v; /* It might be possible to tighten this worst case */ - Py_ssize_t allocated = 5 * size; + Py_ssize_t allocated = 8 * size; int inShift = 0; Py_ssize_t i = 0; unsigned int base64bits = 0; @@ -1760,7 +1760,7 @@ PyObject *PyUnicode_EncodeUTF7(const Py_UNICODE *s, char * out; char * start; - if (allocated / 5 != size) + if (allocated / 8 != size) return PyErr_NoMemory(); if (size == 0)