summaryrefslogtreecommitdiffstats
path: root/Lib
diff options
context:
space:
mode:
authorVictor Stinner <victor.stinner@haypocalc.com>2010-07-03 13:36:19 (GMT)
committerVictor Stinner <victor.stinner@haypocalc.com>2010-07-03 13:36:19 (GMT)
commit15e5b1bf0b6d53b8eed2e1c825f37efba64f317e (patch)
tree84f782714b7db5abf674bd44d89cf2f98dc2625f /Lib
parent7b18c93da6ead03e617ca3c35e1c28c5ff815cf5 (diff)
downloadcpython-15e5b1bf0b6d53b8eed2e1c825f37efba64f317e.zip
cpython-15e5b1bf0b6d53b8eed2e1c825f37efba64f317e.tar.gz
cpython-15e5b1bf0b6d53b8eed2e1c825f37efba64f317e.tar.bz2
Issue #7673: Fix security vulnerability (CVE-2010-2089) in the audioop module,
ensure that the input string length is a multiple of the frame size
Diffstat (limited to 'Lib')
-rw-r--r--Lib/test/test_audioop.py33
1 files changed, 33 insertions, 0 deletions
diff --git a/Lib/test/test_audioop.py b/Lib/test/test_audioop.py
index 7bc2cd6..e03ceb5 100644
--- a/Lib/test/test_audioop.py
+++ b/Lib/test/test_audioop.py
@@ -20,6 +20,12 @@ def gendata4():
data = [gendata1(), gendata2(), gendata4()]
+INVALID_DATA = [
+ ('abc', 0),
+ ('abc', 2),
+ ('abc', 4),
+]
+
class TestAudioop(unittest.TestCase):
@@ -166,6 +172,33 @@ class TestAudioop(unittest.TestCase):
self.assertRaises(audioop.error,
audioop.findmax, ''.join( chr(x) for x in xrange(256)), -2392392)
+ def test_issue7673(self):
+ state = None
+ for data, size in INVALID_DATA:
+ size2 = size
+ self.assertRaises(audioop.error, audioop.getsample, data, size, 0)
+ self.assertRaises(audioop.error, audioop.max, data, size)
+ self.assertRaises(audioop.error, audioop.minmax, data, size)
+ self.assertRaises(audioop.error, audioop.avg, data, size)
+ self.assertRaises(audioop.error, audioop.rms, data, size)
+ self.assertRaises(audioop.error, audioop.avgpp, data, size)
+ self.assertRaises(audioop.error, audioop.maxpp, data, size)
+ self.assertRaises(audioop.error, audioop.cross, data, size)
+ self.assertRaises(audioop.error, audioop.mul, data, size, 1.0)
+ self.assertRaises(audioop.error, audioop.tomono, data, size, 0.5, 0.5)
+ self.assertRaises(audioop.error, audioop.tostereo, data, size, 0.5, 0.5)
+ self.assertRaises(audioop.error, audioop.add, data, data, size)
+ self.assertRaises(audioop.error, audioop.bias, data, size, 0)
+ self.assertRaises(audioop.error, audioop.reverse, data, size)
+ self.assertRaises(audioop.error, audioop.lin2lin, data, size, size2)
+ self.assertRaises(audioop.error, audioop.ratecv, data, size, 1, 1, 1, state)
+ self.assertRaises(audioop.error, audioop.lin2ulaw, data, size)
+ self.assertRaises(audioop.error, audioop.ulaw2lin, data, size)
+ self.assertRaises(audioop.error, audioop.lin2alaw, data, size)
+ self.assertRaises(audioop.error, audioop.alaw2lin, data, size)
+ self.assertRaises(audioop.error, audioop.lin2adpcm, data, size, state)
+ self.assertRaises(audioop.error, audioop.adpcm2lin, data, size, state)
+
def test_main():
run_unittest(TestAudioop)