[Patches] [ python-Patches-665458 ] Crash in binascii_a2b_uu on corrupt data
SourceForge.net
noreply@sourceforge.net
Thu, 16 Jan 2003 13:42:08 -0800
Patches item #665458, was opened at 2003-01-09 21:44
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=665458&group_id=5470
Category: Library (Lib)
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Michael Scharf (scharf)
Assigned to: Nobody/Anonymous (nobody)
Summary: Crash in binascii_a2b_uu on corrupt data
Initial Comment:
When I unpacked 50 gigabytes of randomly downloaded
usenet binary news posts python crashed (randomly) on
windows. After long tracking (I did'nt have a debug
version) I found the problem in binascii_a2b_uu:
When reading the input data, the boundaries of the input
sting are not checked. With corrupted uuencoded data
(the first bite gives the length of the encoded string), the
function reads out of bounds of the input string. That is
not a problem (in most cases) but sometimes (it
happened typicallyafter 20-30 gibagytes of parsed data)
the allocated string might be at the end of a
memory 'segment' and there is no string after the
allocated string. And that causes a crash.
I have attached a patch to solve the problem. (Python
2.2.2)
Michael
----------------------------------------------------------------------
>Comment By: Neal Norwitz (nnorwitz)
Date: 2003-01-16 16:42
Message:
Logged In: YES
user_id=33168
I agree there is a problem, although I'm concerned about
changing the behaviour. Currently, if the data is short it
is, it is filled with null characters. With this patch an
exception is raised. Ideally, the patch is correct, but my
concern is that many people rely on the output being
null-filled.
I believe the following change around line 207, keeps the
behaviour and would avoid the crash:
- this_ch = *ascii_data;
+ this_ch = (ascii_len > 0) ? *ascii_data : 0;
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=665458&group_id=5470