Issue 1098: decode_unicode doesn't nul-terminate (original) (raw)
Issue1098
➜
This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.
This issue has been migrated to GitHub: https://github.com/python/cpython/issues/45439
classification
| Title: | decode_unicode doesn't nul-terminate | |
|---|---|---|
| Type: | crash | Stage: |
| Components: | Versions: |
process
| Status: | closed | Resolution: | fixed |
|---|---|---|---|
| Dependencies: | Superseder: | ||
| Assigned To: | Nosy List: | Rhamphoryncus, georg.brandl, gvanrossum, loewis | |
| Priority: | normal | Keywords: |
Created on 2007-09-04 05:38 by Rhamphoryncus, last changed 2022-04-11 14:56 by admin. This issue is now closed.
| Messages (6) | ||
|---|---|---|
| msg55630 - (view) | Author: Adam Olsen (Rhamphoryncus) | Date: 2007-09-04 05:38 |
| In the large else branch in decode_unicode (if encoding is not NULL or "iso-8859-1"), the new string it produces is not nul-terminated. This then hits PyUnicode_DecodeUnicodeEscape's octal escape case, which reads past the end of the string (but would stop if there was a nul there.) I found this via valgrind. | ||
| msg55863 - (view) | Author: Georg Brandl (georg.brandl) *  |
Date: 2007-09-12 19:32 |
| The function in question is in Python/ast.c. Martin, does the string need to be null-terminated or does DecodeUnicodeEscape need to be fixed (since it takes an explicit length argument)? | ||
| msg57069 - (view) | Author: Georg Brandl (georg.brandl) * |
Date: 2007-11-02 22:23 |
| Guido, didn't you fix something about 0-termination in a DecodeUnicode function recently? I can't seem to find the commit now though... | ||
| msg57071 - (view) | Author: Guido van Rossum (gvanrossum) * |
Date: 2007-11-02 22:35 |
| Yes I did, in r58709, in the trunk. Please backport to 2.5.2. | ||
| msg57072 - (view) | Author: Guido van Rossum (gvanrossum) * |
Date: 2007-11-02 22:38 |
| Also r58708 and r58707 in the py3k-pep3137 branch. See also bug 1359. | ||
| msg57074 - (view) | Author: Georg Brandl (georg.brandl) * |
Date: 2007-11-02 22:46 |
| Committed r58814. |
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:56:26 | admin | set | github: 45439 |
| 2007-11-02 22:46:47 | georg.brandl | set | status: open -> closedresolution: fixedmessages: + |
| 2007-11-02 22:38:39 | gvanrossum | set | messages: + |
| 2007-11-02 22:35:52 | gvanrossum | set | assignee: gvanrossum -> messages: + |
| 2007-11-02 22:23:49 | georg.brandl | set | assignee: loewis -> gvanrossummessages: + nosy: + gvanrossum |
| 2007-09-12 19:32:54 | georg.brandl | set | assignee: loewistype: crashmessages: + nosy: + loewis, georg.brandl |
| 2007-09-04 05:38:55 | Rhamphoryncus | create |