[Python-checkins] cpython (merge 3.2 -> 3.3): Issue #17043: The unicode-internal decoder no longer read past the end of
serhiy.storchaka
python-checkins at python.org
Thu Feb 7 15:30:51 CET 2013
http://hg.python.org/cpython/rev/fec2976c8503
changeset: 82052:fec2976c8503
branch: 3.3
parent: 82048:452344620c97
parent: 82051:0f1c2e2b6bc2
user: Serhiy Storchaka <storchaka at gmail.com>
date: Thu Feb 07 16:25:25 2013 +0200
summary:
Issue #17043: The unicode-internal decoder no longer read past the end of
input buffer.
files:
Misc/NEWS | 3 +
Objects/unicodeobject.c | 50 +++++++++++++---------------
2 files changed, 26 insertions(+), 27 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,9 @@
Core and Builtins
-----------------
+- Issue #17043: The unicode-internal decoder no longer read past the end of
+ input buffer.
+
- Issue #17098: All modules now have __loader__ set even if they pre-exist the
bootstrapping of importlib.
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -6103,6 +6103,11 @@
while (s < end) {
Py_UNICODE uch;
Py_UCS4 ch;
+ if (end - s < Py_UNICODE_SIZE) {
+ endinpos = end-starts;
+ reason = "truncated input";
+ goto error;
+ }
/* We copy the raw representation one byte at a time because the
pointer may be unaligned (see test_codeccallbacks). */
((char *) &uch)[0] = s[0];
@@ -6112,37 +6117,18 @@
((char *) &uch)[3] = s[3];
#endif
ch = uch;
-
+#ifdef Py_UNICODE_WIDE
/* We have to sanity check the raw data, otherwise doom looms for
some malformed UCS-4 data. */
- if (
-#ifdef Py_UNICODE_WIDE
- ch > 0x10ffff ||
-#endif
- end-s < Py_UNICODE_SIZE
- )
- {
- startinpos = s - starts;
- if (end-s < Py_UNICODE_SIZE) {
- endinpos = end-starts;
- reason = "truncated input";
- }
- else {
- endinpos = s - starts + Py_UNICODE_SIZE;
- reason = "illegal code point (> 0x10FFFF)";
- }
- if (unicode_decode_call_errorhandler(
- errors, &errorHandler,
- "unicode_internal", reason,
- &starts, &end, &startinpos, &endinpos, &exc, &s,
- &v, &outpos))
- goto onError;
- continue;
- }
-
+ if (ch > 0x10ffff) {
+ endinpos = s - starts + Py_UNICODE_SIZE;
+ reason = "illegal code point (> 0x10FFFF)";
+ goto error;
+ }
+#endif
s += Py_UNICODE_SIZE;
#ifndef Py_UNICODE_WIDE
- if (Py_UNICODE_IS_HIGH_SURROGATE(ch) && s < end)
+ if (Py_UNICODE_IS_HIGH_SURROGATE(ch) && end - s >= Py_UNICODE_SIZE)
{
Py_UNICODE uch2;
((char *) &uch2)[0] = s[0];
@@ -6157,6 +6143,16 @@
if (unicode_putchar(&v, &outpos, ch) < 0)
goto onError;
+ continue;
+
+ error:
+ startinpos = s - starts;
+ if (unicode_decode_call_errorhandler(
+ errors, &errorHandler,
+ "unicode_internal", reason,
+ &starts, &end, &startinpos, &endinpos, &exc, &s,
+ &v, &outpos))
+ goto onError;
}
if (unicode_resize(&v, outpos) < 0)
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list