Issue 1098: decode_unicode doesn't nul-terminate

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/45439

classification

Title:	decode_unicode doesn't nul-terminate
Type:	crash	Stage:
Components:		Versions:

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:		Nosy List:	Rhamphoryncus, georg.brandl, gvanrossum, loewis
Priority:	normal	Keywords:

Created on 2007-09-04 05:38 by Rhamphoryncus, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (6)
msg55630 - (view)	Author: Adam Olsen (Rhamphoryncus)	Date: 2007-09-04 05:38
In the large else branch in decode_unicode (if encoding is not NULL or "iso-8859-1"), the new string it produces is not nul-terminated. This then hits PyUnicode_DecodeUnicodeEscape's octal escape case, which reads past the end of the string (but would stop if there was a nul there.) I found this via valgrind.
msg55863 - (view)	Author: Georg Brandl (georg.brandl) *	Date: 2007-09-12 19:32
The function in question is in Python/ast.c. Martin, does the string need to be null-terminated or does DecodeUnicodeEscape need to be fixed (since it takes an explicit length argument)?
msg57069 - (view)	Author: Georg Brandl (georg.brandl) *	Date: 2007-11-02 22:23
Guido, didn't you fix something about 0-termination in a DecodeUnicode function recently? I can't seem to find the commit now though...
msg57071 - (view)	Author: Guido van Rossum (gvanrossum) *	Date: 2007-11-02 22:35
Yes I did, in r58709, in the trunk. Please backport to 2.5.2.
msg57072 - (view)	Author: Guido van Rossum (gvanrossum) *	Date: 2007-11-02 22:38
Also r58708 and r58707 in the py3k-pep3137 branch. See also bug 1359.
msg57074 - (view)	Author: Georg Brandl (georg.brandl) *	Date: 2007-11-02 22:46
Committed r58814.

History
Date	User	Action	Args
2022-04-11 14:56:26	admin	set	github: 45439
2007-11-02 22:46:47	georg.brandl	set	status: open -> closed resolution: fixed messages: + msg57074
2007-11-02 22:38:39	gvanrossum	set	messages: + msg57072
2007-11-02 22:35:52	gvanrossum	set	assignee: gvanrossum -> messages: + msg57071
2007-11-02 22:23:49	georg.brandl	set	assignee: loewis -> gvanrossum messages: + msg57069 nosy: + gvanrossum
2007-09-12 19:32:54	georg.brandl	set	assignee: loewis type: crash messages: + msg55863 nosy: + loewis, georg.brandl
2007-09-04 05:38:55	Rhamphoryncus	create