authorBenjamin Peterson <benjamin@python.org>2016-06-04 05:20:44 (GMT)
committerBenjamin Peterson <benjamin@python.org>2016-06-04 05:20:44 (GMT)
commita48aa85da04fa158efa6a546cb7de6a1ac0b518b (patch)
treeb2320b672281308c776bd4be60d3a7ddeda2c449
parentbbf29ee6e4c5d46dfd48685cd65ef4bdd132dd40 (diff)
check the result of PyByteArray_Resize in readline() (closes #27211)
-rw-r--r--Misc/NEWS2
-rw-r--r--Modules/_io/iobase.c5
2 files changed, 6 insertions, 1 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 309cb62..71a9209 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -89,6 +89,8 @@ Core and Builtins
Library
-------
+- Issue #27211: Fix possible memory corruption in io.IOBase.readline().
+
- Issue #27114: Fix SSLContext._load_windows_store_certs fails with
PermissionError
diff --git a/Modules/_io/iobase.c b/Modules/_io/iobase.c
index ab6911d..61756d0 100644
--- a/Modules/_io/iobase.c
+++ b/Modules/_io/iobase.c
@@ -529,7 +529,10 @@ iobase_readline(PyObject *self, PyObject *args)
}
old_size = PyByteArray_GET_SIZE(buffer);
- PyByteArray_Resize(buffer, old_size + PyBytes_GET_SIZE(b));
+ if (PyByteArray_Resize(buffer, old_size + PyBytes_GET_SIZE(b)) < 0) {
+ Py_DECREF(b);
+ goto fail;
+ }
memcpy(PyByteArray_AS_STRING(buffer) + old_size,
PyBytes_AS_STRING(b), PyBytes_GET_SIZE(b));
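Review bot: The size handed to PyByteArray_Resize in the added `if` is still computed as `old_size + PyBytes_GET_SIZE(b)` with no overflow guard, so the new return-value check only helps when the resize itself reports failure. If both operands are Py_ssize_t (the declaration of `old_size` is outside the hunk), a sum above PY_SSIZE_T_MAX is signed overflow, and the memcpy that follows would then write into a buffer that was never grown to the intended size. I would add a guard before the resize, `if (PyBytes_GET_SIZE(b) > PY_SSIZE_T_MAX - old_size)`, which sets an exception and then does the same `Py_DECREF(b); goto fail;` cleanup as the added branch. The `fail` label and the rest of iobase_readline are outside the hunk, so I am assuming that path releases `buffer`. The diffstat also lists only Misc/NEWS and iobase.c, so a regression test for the failed-resize path would be worth adding.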