[Python-checkins] cpython (3.4): Issue #24467: Fixed possible buffer over-read in bytearray. The bytearray
serhiy.storchaka
python-checkins at python.org
Mon Jun 29 20:19:25 CEST 2015
https://hg.python.org/cpython/rev/c95d7ffa492e
changeset: 96718:c95d7ffa492e
branch: 3.4
parent: 96712:9ce5c1f371f7
user: Serhiy Storchaka <storchaka at gmail.com>
date: Mon Jun 29 21:14:06 2015 +0300
summary:
Issue #24467: Fixed possible buffer over-read in bytearray. The bytearray
object now always allocates place for trailing null byte and it's buffer now
is always null-terminated.
files:
Lib/test/test_bytes.py | 19 ++++++++++++++++++-
Misc/NEWS | 4 ++++
Objects/bytearrayobject.c | 4 +++-
3 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/Lib/test/test_bytes.py b/Lib/test/test_bytes.py
--- a/Lib/test/test_bytes.py
+++ b/Lib/test/test_bytes.py
@@ -1030,10 +1030,27 @@
for i in range(100):
b += b"x"
alloc = b.__alloc__()
- self.assertTrue(alloc >= len(b))
+ self.assertGreater(alloc, len(b)) # including trailing null byte
if alloc not in seq:
seq.append(alloc)
+ def test_init_alloc(self):
+ b = bytearray()
+ def g():
+ for i in range(1, 100):
+ yield i
+ a = list(b)
+ self.assertEqual(a, list(range(1, len(a)+1)))
+ self.assertEqual(len(b), len(a))
+ self.assertLessEqual(len(b), i)
+ alloc = b.__alloc__()
+ self.assertGreater(alloc, len(b)) # including trailing null byte
+ b.__init__(g())
+ self.assertEqual(list(b), list(range(1, 100)))
+ self.assertEqual(len(b), 99)
+ alloc = b.__alloc__()
+ self.assertGreater(alloc, len(b))
+
def test_extend(self):
orig = b'hello'
a = bytearray(orig)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,10 @@
Core and Builtins
-----------------
+- Issue #24467: Fixed possible buffer over-read in bytearray. The bytearray
+ object now always allocates place for trailing null byte and it's buffer now
+ is always null-terminated.
+
- Issue #24115: Update uses of PyObject_IsTrue(), PyObject_Not(),
PyObject_IsInstance(), PyObject_RichCompareBool() and _PyDict_Contains()
to check for and handle errors correctly.
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -854,8 +854,10 @@
goto error;
/* Append the byte */
- if (Py_SIZE(self) < self->ob_alloc)
+ if (Py_SIZE(self) + 1 < self->ob_alloc) {
Py_SIZE(self)++;
+ PyByteArray_AS_STRING(self)[Py_SIZE(self)] = '\0';
+ }
else if (PyByteArray_Resize((PyObject *)self, Py_SIZE(self)+1) < 0)
goto error;
PyByteArray_AS_STRING(self)[Py_SIZE(self)-1] = value;
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list