Message82881
[Found by a Googler who prefers to remain anonymous]
This might be easier to trigger on a 64-bit:
PyObject *PyUnicode_DecodeUTF7Stateful(...)
{
    ...
    Py_ssize_t startinpos;
    ...
    while (s < e) {
        ...
utf7Error:
        outpos = p-PyUnicode_AS_UNICODE(unicode);
        endinpos = s-starts;
        if (unicode_decode_call_errorhandler(
                errors, &errorHandler,
                "utf7", errmsg,
                starts, size, &startinpos, &endinpos, &exc, &s,
                &unicode, &outpos, &p))
        ...
    }
    ...
}
The lack of initialization of startinpos will lead to the likelihood of
the value being >= INT_MAX with a 64-bit value, leading to the
subsequent assert [somewhere in unicode_decode_call_errorhandler()]. In
theory the assert could trigger in 32-bit if the uninitialized value
happened to get set to INT_MAX.
The other similar variable also probably needs to be initialized.
Furthermore, the function PyUnicode_DecodeUTF8Stateful also has the same
uninitialized variables.

Date | User | Action | Args
2009-02-27 22:13:14 | gvanrossum | set | recipients: + gvanrossum
2009-02-27 22:13:14 | gvanrossum | set | messageid: <1235772794.07.0.300454209619.issue5389@psf.upfronthosting.co.za>
2009-02-27 22:13:12 | gvanrossum | link | issue5389 messages
2009-02-27 22:13:12 | gvanrossum | create |
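
The pattern this report describes, as an added example that is not CPython code and not part of the original message: a toy decoder in which the position variables handed to the error handler by pointer are defined at declaration and assigned before the call, and the handler range-checks them instead of asserting. The names `decode_ascii` and `call_errorhandler` and the '?' replacement policy are hypothetical.

```c
#include <stddef.h>

/* Hypothetical error handler: range-checks the positions it receives and
   returns -1 on nonsense values instead of relying on an assert. */
static int call_errorhandler(ptrdiff_t size,
                             ptrdiff_t *startinpos, ptrdiff_t *endinpos,
                             char *out, ptrdiff_t outsize, ptrdiff_t *outpos)
{
    if (*startinpos < 0 || *endinpos < *startinpos || *endinpos > size)
        return -1;                  /* caller passed invalid positions */
    if (*outpos < 0 || *outpos >= outsize)
        return -1;                  /* no room for the replacement */
    out[(*outpos)++] = '?';         /* "replace" policy */
    return 0;
}

/* Toy decoder: copies 7-bit bytes and reports bytes >= 0x80 to the handler.
   Returns the number of bytes written, or -1 on failure. */
ptrdiff_t decode_ascii(const char *in, ptrdiff_t size,
                       char *out, ptrdiff_t outsize)
{
    const char *s = in, *e = in + size;
    /* Defined at declaration, so no path can hand the handler stack garbage. */
    ptrdiff_t startinpos = 0, endinpos = 0, outpos = 0;

    while (s < e) {
        unsigned char ch = (unsigned char)*s;
        if (ch < 0x80) {
            if (outpos >= outsize)
                return -1;
            out[outpos++] = (char)ch;
            s++;
            continue;
        }
        /* Both positions are assigned on the path that reaches the handler. */
        startinpos = s - in;
        endinpos = startinpos + 1;
        if (call_errorhandler(size, &startinpos, &endinpos,
                              out, outsize, &outpos))
            return -1;
        s = in + endinpos;          /* resume after the offending byte */
    }
    return outpos;
}
```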