New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bugs in scanstring_str() and scanstring_unicode() of _json module #47572
Comments
scanstring_str() and scanstring_unicode() functions don't end value
whereas it can be outside input string range. A check like this is
needed:
if (end < 0 || len <= end) {
PyErr_SetString(PyExc_ValueError, "xxx");
return NULL;
} next is set to begin but few lines later (before first use of next), In error message, eg. "Invalid control character at (...)", begin is I'm unable to fix these functions because I don't understand the code. |
To reproduce the crash, try very big negative integer as second >>> _json.scanstring("test", -23492394)
Erreur de segmentation (core dumped)
>>> _json.scanstring(u"test", -1239239)
Erreur de segmentation (core dumped) |
Bob, do you know how to fix this? |
I wrote that I'm unable to fix the bug correctly, but I wrote a patch
|
Am I to understand that the bug here is that the C extension doesn't |
I've audited the patch, while it does fix the input range it looks like |
I just committed a fix to trunk in r65147, needs port to py3k? |
Was merged in r65148. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: