This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author serhiy.storchaka
Recipients serhiy.storchaka
Date 2018-12-21.11:15:59
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1545390959.35.0.788709270274.issue35552@psf.upfronthosting.co.za>
In-reply-to
Content 
Format characters %s and %V in PyUnicode_FromFormat() and %s PyBytes_FromFormat() allow to limit the number of bytes read from the argument. For example PyUnicode_FromFormat("must be string, not '%.50s'", obj->ob_type->tp_name) will use not more than 50 bytes from obj->ob_type->tp_name for creating a message.

But while the number of bytes used for creating the resulting Unicode or bytes object is limited, the current implementation can read past this limit. It uses strlen() for searching the first null byte, and bounds the result to the specified limit. If the input is not null terminated, this can cause a crash.

The proposed PR makes the code never reading past the specified limit.
History
Date User Action Args
2018-12-21 11:15:59serhiy.storchakasetrecipients: + serhiy.storchaka
2018-12-21 11:15:59serhiy.storchakasetmessageid: <1545390959.35.0.788709270274.issue35552@psf.upfronthosting.co.za>
2018-12-21 11:15:59serhiy.storchakalinkissue35552 messages
2018-12-21 11:15:59serhiy.storchakacreate