[New-bugs-announce] [issue36819] Crash during encoding using UTF-16/32 and custom error handler

Andrei Talaba report at bugs.python.org
Mon May 6 14:51:21 EDT 2019


New submission from Andrei Talaba <atalaba at fb.com>:

The CPython interpreter writes out-of-bounds of allocated memory in certain edge cases in the utf-16 and utf-32 encoders. 

The attached script registers two error handlers that either write one ASCII character, or two bytes, and tells the encoder to start again from the start of the encoding error. The script then tries to encode an invalid codepoint in either utf-16 or utf-32. Each of the calls to encode independently causes segfaults.

Since the encoder starts over again and keeps trying to append the result of the error handler, the lack of proper re-allocations leads to a buffer overflow, and corrupts the stack.

----------
components: Interpreter Core
files: encode_crash.py
messages: 341599
nosy: atalaba, serhiy.storchaka, vstinner
priority: normal
severity: normal
status: open
title: Crash during encoding using UTF-16/32 and custom error handler
type: crash
versions: Python 3.6, Python 3.7, Python 3.8
Added file: https://bugs.python.org/file48304/encode_crash.py

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36819>
_______________________________________
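
A defensive sketch for code that registers custom codec error handlers on the affected versions, added here as an example and not the attached encode_crash.py or any CPython code. The wrapper `forward_only` and the handler names `demo.skip` and `demo.rewind` are hypothetical; the guard rejects a handler result that would make the encoder resume at or before the start of the error, so that result never reaches the UTF-16/32 encoder.

```python
import codecs


def forward_only(handler):
    """Wrap a codec error handler so it cannot rewind the codec.

    The report describes handlers that restart from the start of the
    encoding error; this guard raises before such a result is returned.
    """
    def guarded(exc):
        replacement, newpos = handler(exc)
        size = len(exc.object)
        # Negative positions are relative to the end of the input.
        resolved = newpos + size if newpos < 0 else newpos
        if not exc.start < resolved <= size:
            raise ValueError(
                "error handler returned position %d, which does not move "
                "past the error at %d" % (newpos, exc.start)
            )
        return replacement, newpos
    return guarded


def skip_handler(exc):
    # Well-behaved: substitute one ASCII character and continue after the error.
    return "?", exc.end


def rewind_handler(exc):
    # Misbehaving pattern from the report: resume at the start of the error.
    return "?", exc.start


# Hypothetical handler names, registered only through the guard.
codecs.register_error("demo.skip", forward_only(skip_handler))
codecs.register_error("demo.rewind", forward_only(rewind_handler))


def encode_guarded(text, encoding, errors):
    """Encode and report either the bytes or the guard's rejection."""
    try:
        return text.encode(encoding, errors)
    except ValueError as err:  # raised by the guard, propagated by the codec
        return "rejected: %s" % err


if __name__ == "__main__":
    sample = "a\udc80b"  # constructed input: a lone surrogate cannot be encoded
    for enc in ("utf-16-le", "utf-32-le"):
        print(enc, encode_guarded(sample, enc, "demo.skip"))
        print(enc, encode_guarded(sample, enc, "demo.rewind"))
```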

