[issue14579] Vulnerability in the utf-16 decoder after error handling

Martin v. Löwis report at bugs.python.org
Fri Apr 20 11:53:23 CEST 2012


Martin v. Löwis <martin at v.loewis.de> added the comment:

[moving from Rietveld back to Roundup]

On 2012/04/20 11:15:48, storchaka wrote:
> The `aligned_end` may point outside unicode object, 
> if the unicode object was reallocated.

How so? The aligned_end *never* points into the unicode object:

q = (unsigned char *)s;
e = q + size - 1;
aligned_end = (const unsigned char *) ((size_t) e & ~LONG_PTR_MASK);

So aligned_end points into s, not into the unicode object. 
So this adjustment is necessary because the *input* may change in the callback,
not because the output may change. So the comment in decode_utf8_errors seems
just as wrong.

Why this is relevant to this issue, is unclear to me, though: the ignore handler
doesn't modify the input object.

----------
nosy: +loewis

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14579>
_______________________________________
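A simplified decoder loop, added here as an illustration and not code from the thread or from CPython, showing the recomputation Martin describes: aligned_end is derived from the input s, so once an error handler is allowed to replace the input, q, e and aligned_end all have to be recomputed from the new s. The ALIGN_DOWN macro, the drop_unit handler and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define LONG_PTR_MASK (sizeof(long) - 1)
#define ALIGN_DOWN(p) ((const unsigned char *)((size_t)(p) & ~LONG_PTR_MASK))
/* Error handler: may hand back a *different* input buffer (like a Python error handler returning a new object). Returns 1 if it replaced the input, 0 to fail the decode. */
typedef int (*error_handler)(const unsigned char **s, size_t *size, size_t pos);
/* Decode little-endian UTF-16 (BMP only; a trailing odd byte is ignored). Returns the number of code points written, or (size_t)-1 on failure. */
size_t decode_utf16le(const unsigned char *s, size_t size, error_handler handler,
                      uint32_t *out, size_t outcap) {
    if (size < 2) return 0;
    const unsigned char *q = s, *e = s + size - 1, *aligned_end = ALIGN_DOWN(e);
    size_t n = 0, i, pos, ch;
    while (q < e) {
        /* Fast path, as in CPython: on an aligned q copy one whole machine word when it holds no surrogate; aligned_end is what keeps that word inside the input buffer. */
        if (((size_t)q & LONG_PTR_MASK) == 0 && q < aligned_end && n + sizeof(long) / 2 <= outcap) {
            for (i = 0; i < sizeof(long); i += 2)
                if (((q[i] | q[i + 1] << 8) & 0xF800) == 0xD800) break;
            if (i == sizeof(long)) {
                for (i = 0; i < sizeof(long); i += 2) out[n++] = q[i] | q[i + 1] << 8;
                q += sizeof(long); continue;
            }
        }
        ch = q[0] | q[1] << 8;
        if ((ch & 0xF800) == 0xD800) {               /* lone surrogate: call the handler */
            pos = (size_t)(q - s);
            if (handler == NULL || !handler(&s, &size, pos)) return (size_t)-1;
            /* The input may now be a different buffer: q, e and aligned_end were derived from the old s, so all three are stale and must be recomputed from the new s. */
            q = s + pos; e = s + size - 1; aligned_end = ALIGN_DOWN(e);
            continue;
        }
        if (n >= outcap) return (size_t)-1;
        out[n++] = ch; q += 2;
    }
    return n;
}
/* Constructed handler: drops the offending unit and returns a NEW, shorter buffer, so a pointer still derived from the old input would now point outside the live input. */
static unsigned char replaced[64];
static int drop_unit(const unsigned char **s, size_t *size, size_t pos) {
    if (*size > sizeof replaced || pos + 2 > *size) return 0;
    memmove(replaced, *s, pos);
    memmove(replaced + pos, *s + pos + 2, *size - pos - 2);
    *s = replaced; *size -= 2; return 1;
}
/* Constructed sample: "hello", a lone high surrogate D800, then "world" (little-endian). */
static const unsigned char sample[] = { 'h',0,'e',0,'l',0,'l',0,'o',0, 0x00,0xD8,
                                        'w',0,'o',0,'r',0,'l',0,'d',0 };
uint32_t sample_out[16];
size_t run_sample(void) { return decode_utf16le(sample, sizeof sample, drop_unit, sample_out, 16); }
```

With the handler installed the lone surrogate is dropped and the decode continues from the replacement buffer; without a handler the decode fails at that unit.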