Message307238
Leo kirotawa silva: "I re-did the build here for python3.4 and couldn't reach the same test fail. So I'm assuming it was a false alarm."
Python 3.4 and 3.5 seem to be also vulnerable:
---
PyObject *PyBytes_DecodeEscape(const char *s,
Py_ssize_t len,
const char *errors,
Py_ssize_t unicode,
const char *recode_encoding)
{
...
Py_ssize_t newlen = recode_encoding ? 4*len:len;
v = PyBytes_FromStringAndSize((char *)NULL, newlen);
---
I don't think that Python 3.6 and 3.7 are vulnerable, the code was rewritten with the _PyBytesWriter API. The code got a new _PyBytes_DecodeEscapeRecode() helper function which calls _PyBytesWriter_WriteBytes(), and this function detects properly integer overflows. |
|
Date |
User |
Action |
Args |
2017-11-29 16:05:39 | vstinner | set | recipients:
+ vstinner, larry, serhiy.storchaka, jaybosamiya, leosilva |
2017-11-29 16:05:39 | vstinner | set | messageid: <1511971539.92.0.213398074469.issue30657@psf.upfronthosting.co.za> |
2017-11-29 16:05:39 | vstinner | link | issue30657 messages |
2017-11-29 16:05:39 | vstinner | create | |
|