Created on 2007-09-04 05:38 by Rhamphoryncus, last changed 2007-11-02 22:46 by georg.brandl. This issue is now closed.
| Messages (6) | |||
|---|---|---|---|
| msg55630 - (view) | Author: Adam Olsen (Rhamphoryncus) | Date: 2007-09-04 05:38 | |
In the large else branch in decode_unicode (if encoding is not NULL or "iso-8859-1"), the new string it produces is not nul-terminated. This then hits PyUnicode_DecodeUnicodeEscape's octal escape case, which reads past the end of the string (but would stop if there was a nul there.) I found this via valgrind. |
|||
| msg55863 - (view) | Author: Georg Brandl (georg.brandl) *  |
Date: 2007-09-12 19:32 | |
The function in question is in Python/ast.c. Martin, does the string need to be null-terminated or does DecodeUnicodeEscape need to be fixed (since it takes an explicit length argument)? |
|||
| msg57069 - (view) | Author: Georg Brandl (georg.brandl) * |
Date: 2007-11-02 22:23 | |
Guido, didn't you fix something about 0-termination in a DecodeUnicode function recently? I can't seem to find the commit now though... |
|||
| msg57071 - (view) | Author: Guido van Rossum (gvanrossum) * |
Date: 2007-11-02 22:35 | |
Yes I did, in r58709, in the trunk. Please backport to 2.5.2. |
|||
| msg57072 - (view) | Author: Guido van Rossum (gvanrossum) * |
Date: 2007-11-02 22:38 | |
Also r58708 and r58707 in the py3k-pep3137 branch. See also bug 1359. |
|||
| msg57074 - (view) | Author: Georg Brandl (georg.brandl) * |
Date: 2007-11-02 22:46 | |
Committed r58814. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2007-11-02 22:46:47 | georg.brandl | set | status: open -> closed resolution: fixed messages: + msg57074 |
| 2007-11-02 22:38:39 | gvanrossum | set | messages: + msg57072 |
| 2007-11-02 22:35:52 | gvanrossum | set | assignee: gvanrossum -> messages: + msg57071 |
| 2007-11-02 22:23:49 | georg.brandl | set | assignee: loewis -> gvanrossum messages: + msg57069 nosy: + gvanrossum |
| 2007-09-12 19:32:54 | georg.brandl | set | assignee: loewis type: crash messages: + msg55863 nosy: + loewis, georg.brandl |
| 2007-09-04 05:38:55 | Rhamphoryncus | create | |