Skip to content

[2.7] bpo-35214: Fix OOB memory access in unicode escape parser (GH-10506) #10538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Nov 14, 2018
Merged

[2.7] bpo-35214: Fix OOB memory access in unicode escape parser (GH-10506) #10538

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ffd1238
Fix an out of bounds memory access.
gpshead Nov 14, 2018
f4b56e9
news entry
gpshead Nov 14, 2018
8d35bbe
add a u prefix, this is Python 2.
gpshead Nov 14, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Fixed an out of bounds memory access when parsing a truncated unicode escape
sequence at the end of a string such as ``u'\N'``. It would read one byte
beyond the end of the memory allocation.
2 changes: 1 addition & 1 deletion Objects/unicodeobject.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2950,7 +2950,7 @@ PyObject *PyUnicode_DecodeUnicodeEscape(const char *s,
if (ucnhash_CAPI == NULL)
goto ucnhashError;
}
if (*s == '{') {
if (s < end && *s == '{') {
const char *start = s+1;
/* look for the closing brace */
while (*s != '}' && s < end)
Expand Down