diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2025-05-13 13:25:08 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-13 13:25:08 (GMT) |
| commit | 69b4387f78f413e8c47572a85b3478c47eba8142 (patch) | |
| tree | 30bc6e580011bda809575c500cf3692edcb6a220 /Include/internal/pycore_unicodeobject.h | |
| parent | f0a7a6c2cc066523fc03d312cfebff8135d81aa2 (diff) | |
| download | cpython-69b4387f78f413e8c47572a85b3478c47eba8142.zip cpython-69b4387f78f413e8c47572a85b3478c47eba8142.tar.gz cpython-69b4387f78f413e8c47572a85b3478c47eba8142.tar.bz2 | |
[3.14] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133942)
If the error handler is used, a new bytes object is created to set as
the object attribute of UnicodeDecodeError, and that bytes object then
replaces the original data. A pointer to the decoded data will became invalid
after destroying that temporary bytes object. So we need other way to return
the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal().
_PyBytes_DecodeEscape() does not have such issue, because it does not
use the error handlers registry, but it should be changed for compatibility
with _PyUnicode_DecodeUnicodeEscapeInternal().
(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Diffstat (limited to 'Include/internal/pycore_unicodeobject.h')
| -rw-r--r-- | Include/internal/pycore_unicodeobject.h | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/Include/internal/pycore_unicodeobject.h b/Include/internal/pycore_unicodeobject.h index c85d53b..3791b91 100644 --- a/Include/internal/pycore_unicodeobject.h +++ b/Include/internal/pycore_unicodeobject.h @@ -139,14 +139,18 @@ extern PyObject* _PyUnicode_DecodeUnicodeEscapeStateful( // Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape // chars. // Export for test_peg_generator. -PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( +PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal2( const char *string, /* Unicode-Escape encoded string */ Py_ssize_t length, /* size of string */ const char *errors, /* error handling */ Py_ssize_t *consumed, /* bytes consumed */ - const char **first_invalid_escape); /* on return, points to first - invalid escaped char in - string. */ + int *first_invalid_escape_char, /* on return, if not -1, contain the first + invalid escaped char (<= 0xff) or invalid + octal escape (> 0xff) in string. */ + const char **first_invalid_escape_ptr); /* on return, if not NULL, may + point to the first invalid escaped + char in string. + May be NULL if errors is not NULL. */ /* --- Raw-Unicode-Escape Codecs ---------------------------------------------- */ |