New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
integer overflow in encoding unicode #66708
Comments
# static PyObject * |
Looks very similar to bpo-22470. |
New changeset b2e68274aa8e by Benjamin Peterson in branch '2.7': New changeset 3b7e93249700 by Benjamin Peterson in branch '2.7': New changeset 3c67d19c624f by Benjamin Peterson in branch '3.3': New changeset 88332ea4c140 by Benjamin Peterson in branch '3.3': New changeset 7dab27fffff2 by Benjamin Peterson in branch '3.4': New changeset f86fde20e9ce by Benjamin Peterson in branch 'default': |
This changeset added ">>>> other". It looks like you commited a conflict.
+ if (outsize <= PY_SSIZE_T_MAX/2 && requiredsize < 2*outsize) I'm not sure that this change is correct. Why not raising an exception on overflow? |
It would be nice to add a bigmem test to check that repr('\x00'*(2**30+1)) doesn't crash anymore. |
Ooops, wrong issue, the test is : ("\uffff" * (2**29)).encode("latin1", errors="xmlcharrefreplace"). |
This is correct. This check prevents overflow. |
Oh, I didn't understand that "requiredsize = 2*outsize;" is only used for performances, to overallocate the buffer. So I agree that it's fine to not overallocate if it would overflow. |
Benjamin, could you make a patch for 3.2 as well? |
("\uffff" * (sys.maxsize//8+1)).encode("latin1", errors="xmlcharrefreplace") or ("\xff" * (sys.maxsize//6+1)).encode("ascii", errors="xmlcharrefreplace") |
New changeset 3f7519f633ed by Serhiy Storchaka in branch '2.7': New changeset ec9b7fd246b6 by Serhiy Storchaka in branch '3.4': New changeset 2df4cc31c36e by Serhiy Storchaka in branch 'default': |
New changeset d1be1f355f59 by Serhiy Storchaka in branch '2.7': |
New changeset 51317c9786f5 by Serhiy Storchaka in branch '3.3': |
Sorry for noise, these changes are related to bpo-22470. |
Do you want to add a bigmem test or close this issue Benjamin? |
I wouldn't object if you had a patch. |
Integer overflow errors were fixed in 4 error handlers: surrogatepass, backslashreplace, namereplace, and xmlcharrefreplace. Is is hard to write general robust tests. In worst cases they requires more than sys.maxsize or even sys.maxsize*2 memory and for sure fail with MemoryError. It is possible to write a test for xmlcharrefreplace, but it will not robust, after changes of implementation details it could raise MemoryError instead of OverflowError after consuming all address space. So I suggest close this issue without tests. Such tests are useless. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: