[Python-checkins] cpython (merge 3.2 -> default): Fix out of bounds read in long_new() for empty bytes with an explicit base.
christian.heimes
python-checkins at python.org
Wed Sep 12 15:33:23 CEST 2012
http://hg.python.org/cpython/rev/2fa7c104f909
changeset: 79005:2fa7c104f909
parent: 79001:25e41fdc4e60
parent: 79004:3d5db784821f
user: Christian Heimes <christian at cheimes.de>
date: Wed Sep 12 15:32:06 2012 +0200
summary:
Fix out of bounds read in long_new() for empty bytes with an explicit base. int(b'', somebase) calls PyLong_FromString() with char* of length 1 but the function accesses the first argument at offset 1. CID 715359
files:
Objects/longobject.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Objects/longobject.c b/Objects/longobject.c
--- a/Objects/longobject.c
+++ b/Objects/longobject.c
@@ -4285,8 +4285,8 @@
string = PyByteArray_AS_STRING(x);
else
string = PyBytes_AS_STRING(x);
- if (strlen(string) != (size_t)size) {
- /* We only see this if there's a null byte in x,
+ if (strlen(string) != (size_t)size || !size) {
+ /* We only see this if there's a null byte in x or x is empty,
x is a bytes or buffer, *and* a base is given. */
PyErr_Format(PyExc_ValueError,
"invalid literal for int() with base %d: %R",
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list