Message97759
binascii_b2a_uu() estimate the output string length using 2+bin_len*2.
It's almost correct... except for bin_len=1. The result is a memory
write into unallocated memory:
$ ./python -c "import binascii; binascii.b2a_uu('x')"
Debug memory block at address p=0x87da568: API 'o'
33 bytes originally requested
The 3 pad bytes at p-3 are FORBIDDENBYTE, as expected.
The 4 pad bytes at tail=0x87da589 are not all FORBIDDENBYTE (0xfb):
at tail+0: 0x0a *** OUCH
at tail+1: 0xfb
at tail+2: 0xfb
at tail+3: 0xfb
The block was made by call #25195 to debug malloc/realloc.
Data at p: 00 00 00 00 00 00 00 00 ... 00 00 00 21 3e 20 20 20
Fatal Python error: bad trailing pad byte
Abandon
Current output string length estimation for input string 0..10:
>>> [len(binascii.b2a_uu("x"*bin_len)) for bin_len in xrange(10)]
[2, 6, 6, 6, 10, 10, 10, 14, 14, 14]
>>> [(2+bin_len*2) for bin_len in xrange(10)]
[2, 4, 6, 8, 10, 12, 14, 16, 18, 20]
The estimation is correct for all lengths... except for bin_len=1. And
it's oversized for bin_len >= 9. The exact length is:
2+ceil(bin_len*8/6) <=> 2+(bin_len+5)*8//6 <=> 2+(bin_len+2)*4//3
Example with length 0..10:
>>> [len(binascii.b2a_uu("x"*bin_len)) for bin_len in xrange(10)]
[2, 6, 6, 6, 10, 10, 10, 14, 14, 14]
>>> [(2+(bin_len+2)*4//3) for bin_len in xrange(10)]
[4, 6, 7, 8, 10, 11, 12, 14, 15, 16]
Attached patch uses the correct estimation. |
|
Date |
User |
Action |
Args |
2010-01-14 11:56:22 | vstinner | set | recipients:
+ vstinner |
2010-01-14 11:56:22 | vstinner | set | messageid: <1263470182.49.0.868243378906.issue7701@psf.upfronthosting.co.za> |
2010-01-14 11:56:21 | vstinner | link | issue7701 messages |
2010-01-14 11:56:21 | vstinner | create | |
|