Out-of-bounds buffer access in match_getslice_by_index #73630

WGH · 2017-02-04T16:23:03Z

BPO	29444
Nosy	@ezio-melotti, @serhiy-storchaka
PRs	[Do Not Merge] Convert `Misc/NEWS` so that it is managed by towncrier #552
Files	match_getslice_by_index.patch

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/serhiy-storchaka'
closed_at = <Date 2017-02-04.20:59:58.837>
created_at = <Date 2017-02-04.16:23:03.412>
labels = ['type-security', 'expert-regex', '3.7']
title = 'Out-of-bounds buffer access in match_getslice_by_index'
updated_at = <Date 2017-03-31.16:36:17.859>
user = 'https://bugs.python.org/WGH'

bugs.python.org fields:

activity = <Date 2017-03-31.16:36:17.859>
actor = 'dstufft'
assignee = 'serhiy.storchaka'
closed = True
closed_date = <Date 2017-02-04.20:59:58.837>
closer = 'serhiy.storchaka'
components = ['Regular Expressions']
creation = <Date 2017-02-04.16:23:03.412>
creator = 'WGH'
dependencies = []
files = ['46518']
hgrepos = []
issue_num = 29444
keywords = ['patch']
message_count = 8.0
messages = ['286974', '286984', '286985', '286986', '286989', '286991', '286992', '286993']
nosy_count = 5.0
nosy_names = ['ezio.melotti', 'mrabarnett', 'python-dev', 'serhiy.storchaka', 'WGH']
pr_nums = ['552']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue29444'
versions = ['Python 3.5', 'Python 3.6', 'Python 3.7']

The text was updated successfully, but these errors were encountered:

WGH · 2017-02-04T16:23:03Z

In [1]: import re

In [2]: b = bytearray(b'A'*100)

In [3]: m = re.search(b'A*', b)

In [4]: m.group()
Out[4]: b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

In [5]: del b[:]

In [6]: m.group()
Out[6]: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x9a\xc4\xb2i\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

I will attach the patch shortly.

serhiy-storchaka · 2017-02-04T19:52:20Z

Thank you for your patch WGH. It is correct and fixes out-of-bounds buffer access. But I don't know what would be the better solution: silently adjust indices or raise RuntimeError?

WGH · 2017-02-04T20:06:47Z

Python 2.7 (CPython and PyPy) and also PyPy's Python 3 adjust the indices, like my patch does, if that matters.

serhiy-storchaka · 2017-02-04T20:25:17Z

Ah, this is good reason. The patch LGTM.

python-dev · 2017-02-04T20:58:07Z

New changeset 4e65d6c20dae by Serhiy Storchaka in branch '3.5':
Issue bpo-29444: Fixed out-of-bounds buffer access in the group() method of
https://hg.python.org/cpython/rev/4e65d6c20dae

New changeset 393969776989 by Serhiy Storchaka in branch '3.6':
Issue bpo-29444: Fixed out-of-bounds buffer access in the group() method of
https://hg.python.org/cpython/rev/393969776989

New changeset 476b0fa34db4 by Serhiy Storchaka in branch 'default':
Issue bpo-29444: Fixed out-of-bounds buffer access in the group() method of
https://hg.python.org/cpython/rev/476b0fa34db4

python-dev · 2017-02-04T21:00:28Z

New changeset 83d13325dec591676eeafb12a4caa01a67ef2f7e by Serhiy Storchaka in branch 'master':
Issue bpo-29444: Fixed out-of-bounds buffer access in the group() method of
83d1332

New changeset 929374345586086c9860a3937b275511dcc8185a by Serhiy Storchaka in branch 'master':
Issue bpo-29444: Fixed out-of-bounds buffer access in the group() method of
9293743

New changeset e0a10190f88e474a159da92b7b5be472e0d7f325 by Serhiy Storchaka in branch 'master':
Issue bpo-29444: Fixed out-of-bounds buffer access in the group() method of
e0a1019

python-dev · 2017-02-04T21:00:31Z

New changeset 83d13325dec591676eeafb12a4caa01a67ef2f7e by Serhiy Storchaka in branch '3.6':
Issue bpo-29444: Fixed out-of-bounds buffer access in the group() method of
83d1332

New changeset 929374345586086c9860a3937b275511dcc8185a by Serhiy Storchaka in branch '3.6':
Issue bpo-29444: Fixed out-of-bounds buffer access in the group() method of
9293743

python-dev · 2017-02-04T21:00:33Z

New changeset 83d13325dec591676eeafb12a4caa01a67ef2f7e by Serhiy Storchaka in branch '3.5':
Issue bpo-29444: Fixed out-of-bounds buffer access in the group() method of
83d1332

WGH mannequin added 3.7 (EOL) end of life topic-regex type-security A security issue labels Feb 4, 2017

serhiy-storchaka self-assigned this Feb 4, 2017

serhiy-storchaka closed this as completed Feb 4, 2017

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Out-of-bounds buffer access in match_getslice_by_index #73630

Out-of-bounds buffer access in match_getslice_by_index #73630

WGH mannequin commented Feb 4, 2017

WGH mannequin commented Feb 4, 2017

serhiy-storchaka commented Feb 4, 2017

WGH mannequin commented Feb 4, 2017

serhiy-storchaka commented Feb 4, 2017

python-dev mannequin commented Feb 4, 2017

python-dev mannequin commented Feb 4, 2017

python-dev mannequin commented Feb 4, 2017

python-dev mannequin commented Feb 4, 2017

Out-of-bounds buffer access in match_getslice_by_index #73630

Out-of-bounds buffer access in match_getslice_by_index #73630

Comments

WGH mannequin commented Feb 4, 2017

WGH mannequin commented Feb 4, 2017

serhiy-storchaka commented Feb 4, 2017

WGH mannequin commented Feb 4, 2017

serhiy-storchaka commented Feb 4, 2017

python-dev mannequin commented Feb 4, 2017

python-dev mannequin commented Feb 4, 2017

python-dev mannequin commented Feb 4, 2017

python-dev mannequin commented Feb 4, 2017