Issue1098
Created on 2007-09-04 05:38 by Rhamphoryncus, last changed 2007-11-02 22:46 by georg.brandl.

msg55630
Author: Adam Olsen (Rhamphoryncus)
Date: 2007-09-04 05:38

In the large else branch in decode_unicode (if encoding is not NULL or
"iso-8859-1"), the new string it produces is not nul-terminated. This
then hits PyUnicode_DecodeUnicodeEscape's octal escape case, which reads
past the end of the string (but would stop if there was a nul there.)
I found this via valgrind.

msg55863
Author: Georg Brandl (georg.brandl)
Date: 2007-09-12 19:32

The function in question is in Python/ast.c. Martin, does the string
need to be null-terminated or does DecodeUnicodeEscape need to be fixed
(since it takes an explicit length argument)?
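
Added example (not code from CPython or from anyone in this thread): a simplified octal-escape decoder showing the over-read reported in msg55630 next to a version bounded by the explicit length that msg55863 asks about. The function names and the constructed buffer are hypothetical; the bytes after the logical end stand in for whatever memory follows an unterminated string.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified illustration, not CPython's code. s points at the first octal
 * digit after the backslash; end is one past the last byte of the input. */

/* Terminator-dependent: stops only when it sees a non-octal byte. */
static unsigned octal_unbounded(const char *s, const char *end, size_t *used)
{
    const char *p = s;
    unsigned x = (unsigned)(*p++ - '0');
    (void)end;                              /* the length is ignored */
    if ('0' <= *p && *p <= '7') {
        x = (x << 3) + (unsigned)(*p++ - '0');
        if ('0' <= *p && *p <= '7')
            x = (x << 3) + (unsigned)(*p++ - '0');
    }
    *used = (size_t)(p - s);
    return x;
}

/* Length-bounded: every lookahead is checked against end first. */
static unsigned octal_bounded(const char *s, const char *end, size_t *used)
{
    const char *p = s;
    unsigned x = (unsigned)(*p++ - '0');
    if (p < end && '0' <= *p && *p <= '7') {
        x = (x << 3) + (unsigned)(*p++ - '0');
        if (p < end && '0' <= *p && *p <= '7')
            x = (x << 3) + (unsigned)(*p++ - '0');
    }
    *used = (size_t)(p - s);
    return x;
}

/* Constructed input: the logical string is the first len bytes; the rest of
 * the array stands in for whatever follows an unterminated buffer. */
static const char backing[] = "\\177";
typedef unsigned (*octal_fn)(const char *, const char *, size_t *);

static unsigned decode_with(octal_fn f, size_t len, size_t *used)
{
    return f(backing + 1, backing + len, used);
}

int main(void)
{
    size_t u;
    printf("unbounded: %u\n", decode_with(octal_unbounded, 2, &u));
    printf("bounded:   %u\n", decode_with(octal_bounded, 2, &u));
    return 0;
}
```

With a logical length of 2 (the string `\1`), the unbounded decoder consumes the two following bytes as well, while the bounded one stops at the stated end whether or not a terminator is present.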

msg57069
Author: Georg Brandl (georg.brandl)
Date: 2007-11-02 22:23

Guido, didn't you fix something about 0-termination in a DecodeUnicode
function recently? I can't seem to find the commit now though...

msg57071
Author: Guido van Rossum (gvanrossum)
Date: 2007-11-02 22:35

Yes I did, in r58709, in the trunk.
Please backport to 2.5.2.

msg57072
Author: Guido van Rossum (gvanrossum)
Date: 2007-11-02 22:38

Also r58708 and r58707 in the py3k-pep3137 branch.
See also bug 1359.

msg57074
Author: Georg Brandl (georg.brandl)
Date: 2007-11-02 22:46

Committed r58814.

| Date | User | Action | Args |
| 2007-11-02 22:46:47 | georg.brandl | set | status: open -> closed; resolution: fixed; messages: + msg57074 |
| 2007-11-02 22:38:39 | gvanrossum | set | messages: + msg57072 |
| 2007-11-02 22:35:52 | gvanrossum | set | assignee: gvanrossum -> ; messages: + msg57071 |
| 2007-11-02 22:23:49 | georg.brandl | set | assignee: loewis -> gvanrossum; messages: + msg57069; nosy: + gvanrossum |
| 2007-09-12 19:32:54 | georg.brandl | set | assignee: loewis; type: crash; messages: + msg55863; nosy: + loewis, georg.brandl |
| 2007-09-04 05:38:55 | Rhamphoryncus | create | |