[issue14579] Vulnerability in the utf-16 decoder after error handling

Serhiy Storchaka report at bugs.python.org
Thu Apr 19 23:29:39 CEST 2012


Serhiy Storchaka <storchaka at gmail.com> added the comment:

Here is the bugs in the utf-16 decoder:

1. `aligned_end` is not updated after calling error handler.

2. Possible silent reading of one byte over the bytes array limit when decoding of a surrogate pair. b'\xD8\x00\xDC'.decode('utf-16be')

3. Error handlers receive data without last byte.

4. After handling truncate data error it is impossible to continue decoding (unlike all the other decoders).

----------
title: Possible vulnerability in the utf-16 decoder after error handling -> Vulnerability in the utf-16 decoder after error handling

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14579>
_______________________________________


More information about the Python-bugs-list mailing list