[Python-checkins] cpython (3.3): Issue #26171: Prevent buffer overflow in get_data
berker.peksag
python-checkins at python.org
Wed Sep 14 01:39:44 EDT 2016
https://hg.python.org/cpython/rev/5ae8756a1ae0
changeset: 103779:5ae8756a1ae0
branch: 3.3
parent: 102713:8e3b9bf917a7
user: Berker Peksag <berker.peksag at gmail.com>
date: Wed Sep 14 08:37:28 2016 +0300
summary:
Issue #26171: Prevent buffer overflow in get_data
Backport of 01ddd608b85c.
files:
Misc/NEWS | 3 +++
Modules/zipimport.c | 5 +++++
2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,9 @@
Core and Builtins
-----------------
+- Issue #26171: Fix possible integer overflow and heap corruption in
+ zipimporter.get_data().
+
- Issue #25709: Fixed problem with in-place string concatenation and utf-8 cache.
- Issue #24407: Fix crash when dict is mutated while being updated.
diff --git a/Modules/zipimport.c b/Modules/zipimport.c
--- a/Modules/zipimport.c
+++ b/Modules/zipimport.c
@@ -1089,6 +1089,11 @@
PyMarshal_ReadShortFromFile(fp); /* local header size */
file_offset += l; /* Start of file data */
+ if (data_size > LONG_MAX - 1) {
+ fclose(fp);
+ PyErr_NoMemory();
+ return NULL;
+ }
bytes_size = compress == 0 ? data_size : data_size + 1;
if (bytes_size == 0)
bytes_size++;
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list