[Python-checkins] r58814 - python/branches/release25-maint/Objects/stringobject.c python/branches/release25-maint/Objects/unicodeobject.c

georg.brandl python-checkins at python.org
Fri Nov 2 23:46:38 CET 2007 

Author: georg.brandl
Date: Fri Nov  2 23:46:38 2007
New Revision: 58814

Modified:
   python/branches/release25-maint/Objects/stringobject.c
   python/branches/release25-maint/Objects/unicodeobject.c
Log:
Backport r58709 from trunk:
Backport fixes for the code that decodes octal escapes (and for PyString
also hex escapes) -- this was reaching beyond the end of the input string
buffer, even though it is not supposed to be \0-terminated.
This has no visible effect but is clearly the correct thing to do.
(In 3.0 it had a visible effect after removing ob_sstate from PyString.)
Also fixes #1098.


Modified: python/branches/release25-maint/Objects/stringobject.c
==============================================================================
--- python/branches/release25-maint/Objects/stringobject.c	(original)
+++ python/branches/release25-maint/Objects/stringobject.c	Fri Nov  2 23:46:38 2007
@@ -616,16 +616,18 @@
 		case '0': case '1': case '2': case '3':
 		case '4': case '5': case '6': case '7':
 			c = s[-1] - '0';
-			if ('0' <= *s && *s <= '7') {
+			if (s < end && '0' <= *s && *s <= '7') {
 				c = (c<<3) + *s++ - '0';
-				if ('0' <= *s && *s <= '7')
+				if (s < end && '0' <= *s && *s <= '7')
 					c = (c<<3) + *s++ - '0';
 			}
 			*p++ = c;
 			break;
 		case 'x':
-			if (isxdigit(Py_CHARMASK(s[0]))
-			    && isxdigit(Py_CHARMASK(s[1]))) {
+			if (s+1 < end &&
+                            isxdigit(Py_CHARMASK(s[0])) &&
+			    isxdigit(Py_CHARMASK(s[1])))
+                        {
 				unsigned int x = 0;
 				c = Py_CHARMASK(*s);
 				s++;

Modified: python/branches/release25-maint/Objects/unicodeobject.c
==============================================================================
--- python/branches/release25-maint/Objects/unicodeobject.c	(original)
+++ python/branches/release25-maint/Objects/unicodeobject.c	Fri Nov  2 23:46:38 2007
@@ -1813,7 +1813,10 @@
         startinpos = s-starts;
         /* \ - Escapes */
         s++;
-        switch (*s++) {
+        c = *s++;
+        if (s > end)
+            c = '\0'; /* Invalid after \ */
+        switch (c) {
 
         /* \x escapes */
         case '\n': break;
@@ -1832,9 +1835,9 @@
         case '0': case '1': case '2': case '3':
         case '4': case '5': case '6': case '7':
             x = s[-1] - '0';
-            if ('0' <= *s && *s <= '7') {
+            if (s < end && '0' <= *s && *s <= '7') {
                 x = (x<<3) + *s++ - '0';
-                if ('0' <= *s && *s <= '7')
+                if (s < end && '0' <= *s && *s <= '7')
                     x = (x<<3) + *s++ - '0';
             }
             *p++ = x;

More information about the Python-checkins mailing list