[Python-checkins] cpython (3.2): Fix out of bounds read in long_new() for empty bytes with an explicit base.

christian.heimes python-checkins at python.org
Wed Sep 12 15:32:51 CEST 2012


http://hg.python.org/cpython/rev/3d5db784821f
changeset:   79004:3d5db784821f
branch:      3.2
parent:      79000:bc342cd7ed96
user:        Christian Heimes <christian at cheimes.de>
date:        Wed Sep 12 15:31:43 2012 +0200
summary:
  Fix out of bounds read in long_new() for empty bytes with an explicit base. int(b'', somebase) calls PyLong_FromString() with char* of length 1 but the function accesses the first argument at offset 1. CID 715359

files:
  Objects/longobject.c |  4 ++--
  1 files changed, 2 insertions(+), 2 deletions(-)


diff --git a/Objects/longobject.c b/Objects/longobject.c
--- a/Objects/longobject.c
+++ b/Objects/longobject.c
@@ -4149,8 +4149,8 @@
             string = PyByteArray_AS_STRING(x);
         else
             string = PyBytes_AS_STRING(x);
-        if (strlen(string) != (size_t)size) {
-            /* We only see this if there's a null byte in x,
+        if (strlen(string) != (size_t)size || !size) {
+            /* We only see this if there's a null byte in x or x is empty,
                x is a bytes or buffer, *and* a base is given. */
             PyErr_Format(PyExc_ValueError,
                          "invalid literal for int() with base %d: %R",

-- 
Repository URL: http://hg.python.org/cpython


More information about the Python-checkins mailing list