Author vstinner
Recipients Leo kirotawa silva, jaybosamiya, larry, serhiy.storchaka, vstinner
Date 2017-11-29.16:05:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1511971539.92.0.213398074469.issue30657@psf.upfronthosting.co.za>
In-reply-to
Content
Leo kirotawa silva: "I re-did the build here for python3.4 and couldn't reach the same test fail. So I'm assuming it was a false alarm."

Python 3.4 and 3.5 seem to be also vulnerable:
---

PyObject *PyBytes_DecodeEscape(const char *s,
                                Py_ssize_t len,
                                const char *errors,
                                Py_ssize_t unicode,
                                const char *recode_encoding)
{
    ...
    Py_ssize_t newlen = recode_encoding ? 4*len:len;
    v = PyBytes_FromStringAndSize((char *)NULL, newlen);
---

I don't think that Python 3.6 and 3.7 are vulnerable, the code was rewritten with the _PyBytesWriter API. The code got a new _PyBytes_DecodeEscapeRecode() helper function which calls _PyBytesWriter_WriteBytes(), and this function detects properly integer overflows.
History
Date User Action Args
2017-11-29 16:05:39vstinnersetrecipients: + vstinner, larry, serhiy.storchaka, jaybosamiya, Leo kirotawa silva
2017-11-29 16:05:39vstinnersetmessageid: <1511971539.92.0.213398074469.issue30657@psf.upfronthosting.co.za>
2017-11-29 16:05:39vstinnerlinkissue30657 messages
2017-11-29 16:05:39vstinnercreate