[Python-3000-checkins] r58707 - in python/branches/py3k-pep3137: Include/stringobject.h Objects/unicodeobject.c
guido.van.rossum
python-3000-checkins at python.org
Mon Oct 29 22:45:35 CET 2007
Author: guido.van.rossum
Date: Mon Oct 29 22:45:35 2007
New Revision: 58707
Modified:
python/branches/py3k-pep3137/Include/stringobject.h
python/branches/py3k-pep3137/Objects/unicodeobject.c
Log:
Get rid of the placeholder in PyStringObject.
Amaury Foregeot d'Arc found the culprit: the code for decoding octal
escapes in PyUnicode_DecodeUnicodeEscape was reading past the end of
the input buffer, which wasn't null-terminated.
This probably ought to be backported; it seems pure luck it doesn't
trigger in 2.x.
Modified: python/branches/py3k-pep3137/Include/stringobject.h
==============================================================================
--- python/branches/py3k-pep3137/Include/stringobject.h (original)
+++ python/branches/py3k-pep3137/Include/stringobject.h Mon Oct 29 22:45:35 2007
@@ -30,7 +30,6 @@
typedef struct {
PyObject_VAR_HEAD
long ob_shash;
- int ob_placeholder; /* XXX If I remove this things break?!?! */
char ob_sval[1];
/* Invariants:
Modified: python/branches/py3k-pep3137/Objects/unicodeobject.c
==============================================================================
--- python/branches/py3k-pep3137/Objects/unicodeobject.c (original)
+++ python/branches/py3k-pep3137/Objects/unicodeobject.c Mon Oct 29 22:45:35 2007
@@ -2671,6 +2671,7 @@
startinpos = s-starts;
/* \ - Escapes */
s++;
+ assert (s < end); /* If this fails, the parser let through garbage */
switch (*s++) {
/* \x escapes */
@@ -2690,9 +2691,9 @@
case '0': case '1': case '2': case '3':
case '4': case '5': case '6': case '7':
x = s[-1] - '0';
- if ('0' <= *s && *s <= '7') {
+ if (s < end && '0' <= *s && *s <= '7') {
x = (x<<3) + *s++ - '0';
- if ('0' <= *s && *s <= '7')
+ if (s < end && '0' <= *s && *s <= '7')
x = (x<<3) + *s++ - '0';
}
*p++ = x;
More information about the Python-3000-checkins
mailing list