diff options
author | Victor Stinner <victor.stinner@haypocalc.com> | 2010-07-03 13:36:19 (GMT) |
---|---|---|
committer | Victor Stinner <victor.stinner@haypocalc.com> | 2010-07-03 13:36:19 (GMT) |
commit | 15e5b1bf0b6d53b8eed2e1c825f37efba64f317e (patch) | |
tree | 84f782714b7db5abf674bd44d89cf2f98dc2625f /Lib | |
parent | 7b18c93da6ead03e617ca3c35e1c28c5ff815cf5 (diff) | |
download | cpython-15e5b1bf0b6d53b8eed2e1c825f37efba64f317e.zip cpython-15e5b1bf0b6d53b8eed2e1c825f37efba64f317e.tar.gz cpython-15e5b1bf0b6d53b8eed2e1c825f37efba64f317e.tar.bz2 |
Issue #7673: Fix security vulnerability (CVE-2010-2089) in the audioop module,
ensure that the input string length is a multiple of the frame size
Diffstat (limited to 'Lib')
-rw-r--r-- | Lib/test/test_audioop.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/Lib/test/test_audioop.py b/Lib/test/test_audioop.py index 7bc2cd6..e03ceb5 100644 --- a/Lib/test/test_audioop.py +++ b/Lib/test/test_audioop.py @@ -20,6 +20,12 @@ def gendata4(): data = [gendata1(), gendata2(), gendata4()] +INVALID_DATA = [ + ('abc', 0), + ('abc', 2), + ('abc', 4), +] + class TestAudioop(unittest.TestCase): @@ -166,6 +172,33 @@ class TestAudioop(unittest.TestCase): self.assertRaises(audioop.error, audioop.findmax, ''.join( chr(x) for x in xrange(256)), -2392392) + def test_issue7673(self): + state = None + for data, size in INVALID_DATA: + size2 = size + self.assertRaises(audioop.error, audioop.getsample, data, size, 0) + self.assertRaises(audioop.error, audioop.max, data, size) + self.assertRaises(audioop.error, audioop.minmax, data, size) + self.assertRaises(audioop.error, audioop.avg, data, size) + self.assertRaises(audioop.error, audioop.rms, data, size) + self.assertRaises(audioop.error, audioop.avgpp, data, size) + self.assertRaises(audioop.error, audioop.maxpp, data, size) + self.assertRaises(audioop.error, audioop.cross, data, size) + self.assertRaises(audioop.error, audioop.mul, data, size, 1.0) + self.assertRaises(audioop.error, audioop.tomono, data, size, 0.5, 0.5) + self.assertRaises(audioop.error, audioop.tostereo, data, size, 0.5, 0.5) + self.assertRaises(audioop.error, audioop.add, data, data, size) + self.assertRaises(audioop.error, audioop.bias, data, size, 0) + self.assertRaises(audioop.error, audioop.reverse, data, size) + self.assertRaises(audioop.error, audioop.lin2lin, data, size, size2) + self.assertRaises(audioop.error, audioop.ratecv, data, size, 1, 1, 1, state) + self.assertRaises(audioop.error, audioop.lin2ulaw, data, size) + self.assertRaises(audioop.error, audioop.ulaw2lin, data, size) + self.assertRaises(audioop.error, audioop.lin2alaw, data, size) + self.assertRaises(audioop.error, audioop.alaw2lin, data, size) + self.assertRaises(audioop.error, audioop.lin2adpcm, data, size, state) + self.assertRaises(audioop.error, audioop.adpcm2lin, data, size, state) + def test_main(): run_unittest(TestAudioop) |