[Python-checkins] bpo-36495: Fix two out-of-bounds array reads (GH-12641)
Guido van Rossum
webhook-mailer at python.org
Mon Apr 1 10:36:28 EDT 2019
https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e
commit: a4d78362397fc3bced6ea80fbc7b5f4827aec55e
branch: master
author: Brad Larsen <brad at bradfordlarsen.com>
committer: Guido van Rossum <guido at python.org>
date: 2019-04-01T07:36:05-07:00
summary:
bpo-36495: Fix two out-of-bounds array reads (GH-12641)
Research and fix by @bradlarsen.
files:
M Python/ast.c
diff --git a/Python/ast.c b/Python/ast.c
index e9154fecff06..913e53ad7937 100644
--- a/Python/ast.c
+++ b/Python/ast.c
@@ -1400,7 +1400,7 @@ handle_keywordonly_args(struct compiling *c, const node *n, int start,
goto error;
asdl_seq_SET(kwonlyargs, j++, arg);
i += 1; /* the name */
- if (TYPE(CHILD(n, i)) == COMMA)
+ if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA)
i += 1; /* the comma, if present */
break;
case TYPE_COMMENT:
@@ -1599,7 +1599,7 @@ ast_for_arguments(struct compiling *c, const node *n)
if (!kwarg)
return NULL;
i += 2; /* the double star and the name */
- if (TYPE(CHILD(n, i)) == COMMA)
+ if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA)
i += 1; /* the comma, if present */
break;
case TYPE_COMMENT:
More information about the Python-checkins
mailing list