Author serhiy.storchaka
Recipients barry, benjamin.peterson, ezio.melotti, georg.brandl, glebourgeois, larry, mrabarnett, ncoghlan, serhiy.storchaka, vstinner
Date 2013-10-17.16:29:56
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Here is a patch for 3.3+.

Other versions are affected too. They don't raise SystemError, but produce illegal unicode string on wide build.

E.g. in Python 2.7:

>>> 'a+/,+IKw-b'.decode('utf-7', 'replace')

\U003f20ac is illegal code.

As encoding and encoded data can come from external source, this can be used in secure attacks.
Date User Action Args
2013-10-17 16:29:57serhiy.storchakasetrecipients: + serhiy.storchaka, barry, georg.brandl, ncoghlan, vstinner, larry, benjamin.peterson, ezio.melotti, mrabarnett, glebourgeois
2013-10-17 16:29:57serhiy.storchakasetmessageid: <>
2013-10-17 16:29:57serhiy.storchakalinkissue19279 messages
2013-10-17 16:29:57serhiy.storchakacreate