Showing content from https://github.com/python/cpython/commit/6c939cb6f6dfbd273609577b0022542d31ae2802 below:

in scan_once, prevent the reading of arbitrary memory when passed a n… · python/cpython@6c939cb · GitHub

4 files changed, +17 -2 lines changed

Original file line number Diff line number Diff line change

@@ -60,5 +60,10 @@ def test_invalid_escape(self):

60 60

msg = 'escape'

61 61

self.assertRaisesRegexp(ValueError, msg, self.loads, s)

62 62 63 +

def test_negative_index(self):

64 +

d = self.json.JSONDecoder()

65 +

self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000)

66 +

self.assertRaises(ValueError, d.raw_decode, u'a'*42, -50000)

67 + 63 68

class TestPyDecode(TestDecode, PyTest): pass

64 69

class TestCDecode(TestDecode, CTest): pass
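
Review bot: test_negative_index only exercises an index far below -length (-50000 on a 42-character string), so the new wrap-around branch for an in-range negative index is never run. Add a case such as d.raw_decode('a'*42, -1) and the boundary at -43, for both the str and unicode inputs, so that TestPyDecode and TestCDecode are pinned to the same result for negative indices that land inside the string.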

@@ -1369,6 +1369,7 @@ Pauli Virtanen

1369 1369

Frank Visser

1370 1370

Johannes Vogel

1371 1371

Alex Volkov

1372 +

Guido Vranken

1372 1373

Martijn Vries

1373 1374

Sjoerd de Vries

1374 1375

Niki W. Waibel

@@ -43,6 +43,9 @@ Core and Builtins

43 43

Library

44 44

-------

45 45 46 +

- Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second

47 +

parameter. Bug reported by Guido Vranken.

48 + 46 49

- Issue #21172: isinstance check relaxed from dict to collections.Mapping.

47 50 48 51

- Issue #21191: In os.fdopen, alwyas close the file descriptor when an exception
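
Review bot: the new Library entry has no issue reference, while the entries right below it start with "Issue #21172" and "Issue #21191"; if a tracker issue exists for this report, cite it so the fix can be traced. The entry could also say that the out-of-bounds read was in the C scanner, since scan_once_str and scan_once_unicode are what the commit changes.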

@@ -1468,7 +1468,10 @@ scan_once_str(PyScannerObject *s, PyObject *pystr, Py_ssize_t idx, Py_ssize_t *n

1468 1468

PyObject *res;

1469 1469

char *str = PyString_AS_STRING(pystr);

1470 1470

Py_ssize_t length = PyString_GET_SIZE(pystr);

1471 -

if (idx >= length) {

1471 +

if (idx < 0)

1472 +

/* Compatibility with the Python version. */

1473 +

idx += length;

1474 +

if (idx < 0 || idx >= length) {

1472 1475

PyErr_SetNone(PyExc_StopIteration);

1473 1476

return NULL;

1474 1477

}
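
Review bot: in scan_once_str the new `if (idx < 0)` has no braces and a comment sits between the condition and its one-statement body `idx += length;`, which is easy to break on a later edit; brace the block. The comment should also say what is being matched: a negative idx counts from the end of the string, and the following `idx < 0 || idx >= length` check rejects anything still out of range after the adjustment.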

@@ -1555,7 +1558,10 @@ scan_once_unicode(PyScannerObject *s, PyObject *pystr, Py_ssize_t idx, Py_ssize_

1555 1558

PyObject *res;

1556 1559

Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);

1557 1560

Py_ssize_t length = PyUnicode_GET_SIZE(pystr);

1558 -

if (idx >= length) {

1561 +

if (idx < 0)

1562 +

/* Compatibility with Python version. */

1563 +

idx += length;

1564 +

if (idx < 0 || idx >= length) {

1559 1565

PyErr_SetNone(PyExc_StopIteration);

1560 1566

return NULL;

1561 1567

}
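
Review bot: scan_once_unicode repeats the same four-line index normalisation as scan_once_str, and the two comments already differ ("Compatibility with the Python version." against "Compatibility with Python version."). Consider a small shared helper or macro that takes idx and length, so the bounds check cannot drift between the two scanners.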
