Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PyOS_mystricmp advances pointers too far #85696

Closed
wmeehan mannequin opened this issue Aug 11, 2020 · 6 comments
Closed

PyOS_mystricmp advances pointers too far #85696

wmeehan mannequin opened this issue Aug 11, 2020 · 6 comments
Labels
3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes easy topic-C-API type-bug An unexpected behavior, bug, or error

Comments

@wmeehan
Copy link
Mannequin

wmeehan mannequin commented Aug 11, 2020

BPO 41524
Nosy @serhiy-storchaka, @corona10, @miss-islington, @wmeehan
PRs
  • bpo-41524: fix pointer bug in PyOS_mystr{n}icmp #21845
  • [3.9] bpo-41524: fix pointer bug in PyOS_mystr{n}icmp (GH-21845) #21978
  • [3.8] bpo-41524: fix pointer bug in PyOS_mystr{n}icmp (GH-21845) #21979
  • [3.8] bpo-41524: fix pointer bug in PyOS_mystr{n}icmp (GH-21845) #22016
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2020-08-30.07:21:09.623>
created_at = <Date 2020-08-11.22:01:38.227>
labels = ['easy', 'type-bug', '3.8', '3.9', '3.10', 'expert-C-API', '3.7']
title = 'PyOS_mystricmp advances pointers too far'
updated_at = <Date 2020-08-30.07:21:09.622>
user = 'https://github.com/wmeehan'

    bugs.python.org fields:

    activity = <Date 2020-08-30.07:21:09.622>
actor = 'corona10'
assignee = 'none'
closed = True
closed_date = <Date 2020-08-30.07:21:09.623>
closer = 'corona10'
components = ['C API']
creation = <Date 2020-08-11.22:01:38.227>
creator = 'wmeehan'
dependencies = []
files = []
hgrepos = []
issue_num = 41524
keywords = ['patch', 'easy (C)']
message_count = 6.0
messages = ['375203', '375208', '375982', '376101', '376102', '376103']
nosy_count = 4.0
nosy_names = ['serhiy.storchaka', 'corona10', 'miss-islington', 'wmeehan']
pr_nums = ['21845', '21978', '21979', '22016']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue41524'
versions = ['Python 3.5', 'Python 3.6', 'Python 3.7', 'Python 3.8', 'Python 3.9', 'Python 3.10']
    @wmeehan
    Copy link
    Mannequin Author

    wmeehan mannequin commented Aug 11, 2020

    The existing implementation of PyOS_mystricmp increments both pointers as long as the first string hasn't reached the end yet. If the second string ends first, then we increment past the null byte. If there is a difference in the middle of the two strings, then the result actually compares the following pair of letters.

    e.g.
    PyOS_mystricmp("a", "\0") => 0 (should be positive)
    PyOS_mystricmp("foo", "fro") => 0 (should be negative)

    Similarly, PyOS_mystrnicmp increments the pointers in a condition before breaking out of the loop. It's possible to increment the first pointer without incrementing the second, and the result is the character past the null byte.

    e.g.
    PyOS_mystrnicmp("\0a", "\0b", 2) => 97 (should be negative)

    @wmeehan wmeehan mannequin added 3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes topic-C-API type-bug An unexpected behavior, bug, or error labels Aug 11, 2020
    @serhiy-storchaka
    Copy link
    Member

    Good catch! Do you mind to provide a PR for this William?

    @corona10
    Copy link
    Member

    New changeset 97eaf2b by wmeehan in branch 'master':
    bpo-41524: fix pointer bug in PyOS_mystr{n}icmp (GH-21845)
    97eaf2b

    @corona10
    Copy link
    Member

    New changeset 901c2ea by Miss Islington (bot) in branch '3.9':
    bpo-41524: fix pointer bug in PyOS_mystr{n}icmp (GH-21845) (GH-21978)
    901c2ea

    @corona10
    Copy link
    Member

    New changeset 85ca9c0 by Miss Islington (bot) in branch '3.8':
    bpo-41524: fix pointer bug in PyOS_mystr{n}icmp (GH-21845) (GH-22016)
    85ca9c0

    @corona10
    Copy link
    Member

    Thanks William

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes easy topic-C-API type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @serhiy-storchaka @corona10