
Author yiyuaner
Recipients ezio.melotti, vstinner, yiyuaner
Date 2021-05-07.15:00:44
Message-id <1620399644.92.0.605613335347.issue44068@roundup.psfhosted.org>
In-reply-to
Content
In the file Objects/unicodeobject.c, we have the following code:

static PyObject*
resize_compact(PyObject *unicode, Py_ssize_t length) {
  ...
  char_size = PyUnicode_KIND(unicode);
  ...
  if (length > ((PY_SSIZE_T_MAX - struct_size) / char_size - 1)) {
    PyErr_NoMemory();
    return NULL;
  }
}

However, PyUnicode_KIND may return 0 if the variable unicode has kind PyUnicode_WCHAR_KIND, leading to a divide by zero problem.

The same pattern is also used without checking in function "static int resize_inplace(PyObject *unicode, Py_ssize_t length)".

Here is the link to the code location: https://github.com/python/cpython/blob/main/Objects/unicodeobject.c#L1045

Should we add an explicit check on variable char_size before using it in division?
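An added example, not part of the original report and not CPython's code: one way to write the size check from the message above so that a zero character size is rejected before it reaches the division. The names safe_compact_size, ssize_model_t and SSIZE_MODEL_MAX are hypothetical stand-ins for the CPython function, Py_ssize_t and PY_SSIZE_T_MAX, and the accepted sizes 1, 2 and 4 are the byte widths of the non-wchar kinds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins (assumptions): ptrdiff_t models Py_ssize_t and PTRDIFF_MAX
 * models PY_SSIZE_T_MAX. safe_compact_size() is a hypothetical helper. */
typedef ptrdiff_t ssize_model_t;
#define SSIZE_MODEL_MAX PTRDIFF_MAX

enum size_status { SIZE_OK = 0, SIZE_BAD_ARG = -1, SIZE_TOO_LARGE = -2 };

/* Computes struct_size + (length + 1) * char_size without overflow.
 * char_size is validated first, so the division below can never see a
 * zero divisor (integer division by zero is undefined behaviour in C). */
static enum size_status
safe_compact_size(ssize_model_t struct_size, ssize_model_t length,
                  ssize_model_t char_size, ssize_model_t *out)
{
    /* A kind of 0 (the wchar kind in the report) is rejected here. */
    if (char_size != 1 && char_size != 2 && char_size != 4)
        return SIZE_BAD_ARG;
    /* Negative inputs would make SSIZE_MODEL_MAX - struct_size overflow. */
    if (struct_size < 0 || length < 0)
        return SIZE_BAD_ARG;
    /* Same bound as the check quoted in the report. */
    if (length > (SSIZE_MODEL_MAX - struct_size) / char_size - 1)
        return SIZE_TOO_LARGE;
    *out = struct_size + (length + 1) * char_size;
    return SIZE_OK;
}

int main(void)
{
    ssize_model_t size = 0;
    /* Constructed inputs: 48 is an arbitrary header size. */
    printf("char_size=0 -> %d\n", (int)safe_compact_size(48, 10, 0, &size));
    printf("char_size=2 -> %d, size=%td\n",
           (int)safe_compact_size(48, 10, 2, &size), size);
    printf("huge length -> %d\n",
           (int)safe_compact_size(48, SSIZE_MODEL_MAX, 1, &size));
    return 0;
}
```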