diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2025-07-13 13:58:03 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-07-13 13:58:03 (GMT) |
| commit | 348e22cf060695fbd57f099b94f0f9067bb49fca (patch) | |
| tree | 5922d8aed5cc0fd74bb75ef1fa2673dc10ebfecf | |
| parent | ed1e0cdc581d328177992e45c74d497c7da22ce2 (diff) | |
| download | cpython-348e22cf060695fbd57f099b94f0f9067bb49fca.zip cpython-348e22cf060695fbd57f099b94f0f9067bb49fca.tar.gz cpython-348e22cf060695fbd57f099b94f0f9067bb49fca.tar.bz2 | |
[3.14] gh-127971: fix off-by-one read beyond the end of a string during search (GH-132574) (#136628)
gh-127971: fix off-by-one read beyond the end of a string during search (GH-132574)
(cherry picked from commit 85ec3b3b503ffd5b7e45f8b3fa2cec0c10e4bef0)
Co-authored-by: Duane Griffin <duaneg@dghda.com>
| -rw-r--r-- | Lib/test/string_tests.py | 9 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Core_and_Builtins/2025-04-16-12-01-13.gh-issue-127971.pMDOQ0.rst | 1 | ||||
| -rw-r--r-- | Objects/stringlib/fastsearch.h | 8 |
3 files changed, 14 insertions, 4 deletions
diff --git a/Lib/test/string_tests.py b/Lib/test/string_tests.py index 4b82d51..1814a55 100644 --- a/Lib/test/string_tests.py +++ b/Lib/test/string_tests.py @@ -767,6 +767,15 @@ class BaseTest: self.checkraises(TypeError, 'hello', 'replace', 42, 'h') self.checkraises(TypeError, 'hello', 'replace', 'h', 42) + def test_replacement_on_buffer_boundary(self): + # gh-127971: Check we don't read past the end of the buffer when a + # potential match misses on the last character. + any_3_nonblank_codepoints = '!!!' + seven_codepoints = any_3_nonblank_codepoints + ' ' + any_3_nonblank_codepoints + a = (' ' * 243) + seven_codepoints + (' ' * 7) + b = ' ' * 6 + chr(256) + a.replace(seven_codepoints, b) + def test_replace_uses_two_way_maxcount(self): # Test that maxcount works in _two_way_count in fastsearch.h A, B = "A"*1000, "B"*1000 diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2025-04-16-12-01-13.gh-issue-127971.pMDOQ0.rst b/Misc/NEWS.d/next/Core_and_Builtins/2025-04-16-12-01-13.gh-issue-127971.pMDOQ0.rst new file mode 100644 index 0000000..ced7a9c --- /dev/null +++ b/Misc/NEWS.d/next/Core_and_Builtins/2025-04-16-12-01-13.gh-issue-127971.pMDOQ0.rst @@ -0,0 +1 @@ +Fix off-by-one read beyond the end of a string in string search. diff --git a/Objects/stringlib/fastsearch.h b/Objects/stringlib/fastsearch.h index 05e700b..b447865 100644 --- a/Objects/stringlib/fastsearch.h +++ b/Objects/stringlib/fastsearch.h @@ -595,7 +595,7 @@ STRINGLIB(default_find)(const STRINGLIB_CHAR* s, Py_ssize_t n, continue; } /* miss: check if next character is part of pattern */ - if (!STRINGLIB_BLOOM(mask, ss[i+1])) { + if (i + 1 <= w && !STRINGLIB_BLOOM(mask, ss[i+1])) { i = i + m; } else { @@ -604,7 +604,7 @@ STRINGLIB(default_find)(const STRINGLIB_CHAR* s, Py_ssize_t n, } else { /* skip: check if next character is part of pattern */ - if (!STRINGLIB_BLOOM(mask, ss[i+1])) { + if (i + 1 <= w && !STRINGLIB_BLOOM(mask, ss[i+1])) { i = i + m; } } @@ -668,7 +668,7 @@ STRINGLIB(adaptive_find)(const STRINGLIB_CHAR* s, Py_ssize_t n, } } /* miss: check if next character is part of pattern */ - if (!STRINGLIB_BLOOM(mask, ss[i+1])) { + if (i + 1 <= w && !STRINGLIB_BLOOM(mask, ss[i+1])) { i = i + m; } else { @@ -677,7 +677,7 @@ STRINGLIB(adaptive_find)(const STRINGLIB_CHAR* s, Py_ssize_t n, } else { /* skip: check if next character is part of pattern */ - if (!STRINGLIB_BLOOM(mask, ss[i+1])) { + if (i + 1 <= w && !STRINGLIB_BLOOM(mask, ss[i+1])) { i = i + m; } } |