
Author gvanrossum
Recipients gvanrossum
Date 2009-02-27.22:13:12
Message-id <1235772794.07.0.300454209619.issue5389@psf.upfronthosting.co.za>
Content
[Found by a Googler who prefers to remain anonymous]

This might be easier to trigger on a 64-bit:

PyObject *PyUnicode_DecodeUTF7Stateful(...)
{
    ...
    Py_ssize_t startinpos;
    ...
    while (s < e) {
    ...
      utf7Error:
        outpos = p-PyUnicode_AS_UNICODE(unicode);
        endinpos = s-starts;
        if (unicode_decode_call_errorhandler(
                errors, &errorHandler,
                "utf7", errmsg,
                starts, size, &startinpos, &endinpos, &exc, &s,
                &unicode, &outpos, &p))
        ...
    }
    ...
}

The lack of initialization of startinpos will lead to the likelihood of
the value being >= INT_MAX with a 64-bit value, leading to the
subsequent assert [somewhere in unicode_decode_call_errorhandler()]. In
theory the assert could trigger in 32-bit if the uninitialized value
happened to get set to INT_MAX.

The other similar variables also probably need to be initialized.
Furthermore, the function PyUnicode_DecodeUTF8Stateful also has the same
uninitialized variables.
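
Added example, not part of the original report and not CPython source: a simplified C model of the pattern described above, where a position variable is passed by pointer to an error handler that range-checks it. The handler, the toy decoder, the `stale` parameter (which stands in for leftover stack contents) and the assignment at the error site are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model for illustration; none of this is CPython source. */

/* Hypothetical handler. The report only says an assert "somewhere in
   unicode_decode_call_errorhandler()" fires when the position is >= INT_MAX;
   the check is modelled here as a -1 return so callers can observe it. */
static int call_errorhandler(ptrdiff_t size, ptrdiff_t *startinpos,
                             ptrdiff_t *endinpos, int *nerrors)
{
    if (*startinpos < 0 || *startinpos >= INT_MAX ||
        *startinpos > *endinpos || *endinpos > size)
        return -1;                      /* stands in for the failed assert */
    (*nerrors)++;
    return 0;
}

/* Toy decoder: bytes < 0x80 are accepted, anything else goes to the handler.
   `stale` models whatever the stack slot held on entry, so the "before"
   behaviour is reproducible without reading an indeterminate value. */
static int decode(const unsigned char *starts, ptrdiff_t size,
                  ptrdiff_t stale, int hardened, int *nerrors)
{
    const unsigned char *s = starts, *e = starts + size;
    ptrdiff_t startinpos = hardened ? 0 : stale;  /* fix: defined at declaration */
    ptrdiff_t endinpos;

    *nerrors = 0;
    while (s < e) {
        if (*s < 0x80) { s++; continue; }
        if (hardened)
            startinpos = s - starts;    /* assumption: also set at the error site */
        endinpos = (s - starts) + 1;
        if (call_errorhandler(size, &startinpos, &endinpos, nerrors) < 0)
            return -1;
        s = starts + endinpos;
    }
    return 0;
}

int main(void)
{
    static const unsigned char in[] = { 'a', 'b', 0xff, 'c', 'd', 0xfe }; /* constructed */
    int n;
    printf("stale=INT_MAX unhardened: %d\n", decode(in, 6, INT_MAX, 0, &n));
    printf("stale=0       unhardened: %d\n", decode(in, 6, 0, 0, &n));
    printf("stale=INT_MAX hardened:   %d\n", decode(in, 6, INT_MAX, 1, &n));
    return 0;
}
```

The unhardened path succeeds when the stale value happens to be small, which is why a bug of this kind can stay hidden until the stack contents change.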