Issue #14579: Fix CVE-2012-2135: vulnerability in the utf-16 decoder after error handling.

Patch by Serhiy Storchaka.
author: Antoine Pitrou <solipsis@pitrou.net> 2012-07-20 22:45:14 (GMT)
committer: Antoine Pitrou <solipsis@pitrou.net> 2012-07-20 22:45:14 (GMT)
commit: b4bbee25b1e3f4bccac222f806b3138fb72439d6 (patch)
tree: 586129fbe8b38a553772635efa1ff753e5c7be70 /Lib
parent: ca9652ea5d1d9ebddd1acf6abbbf3751bc366a44 (diff)
download: cpython-b4bbee25b1e3f4bccac222f806b3138fb72439d6.zip
cpython-b4bbee25b1e3f4bccac222f806b3138fb72439d6.tar.gz
cpython-b4bbee25b1e3f4bccac222f806b3138fb72439d6.tar.bz2
1 files changed, 26 insertions, 4 deletions
diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py
index 4899a59..3426a4d 100644
--- a/Lib/test/test_codecs.py
+++ b/Lib/test/test_codecs.py
@@ -540,8 +540,19 @@ class UTF16LETest(ReadTest):
         )
 
     def test_errors(self):
-        self.assertRaises(UnicodeDecodeError, codecs.utf_16_le_decode,
-                          b"\xff", "strict", True)
+        tests = [
+            (b'\xff', '\ufffd'),
+            (b'A\x00Z', 'A\ufffd'),
+            (b'A\x00B\x00C\x00D\x00Z', 'ABCD\ufffd'),
+            (b'\x00\xd8', '\ufffd'),
+            (b'\x00\xd8A', '\ufffd'),
+            (b'\x00\xd8A\x00', '\ufffdA'),
+            (b'\x00\xdcA\x00', '\ufffdA'),
+        ]
+        for raw, expected in tests:
+            self.assertRaises(UnicodeDecodeError, codecs.utf_16_le_decode,
+                              raw, 'strict', True)
+            self.assertEqual(raw.decode('utf-16le', 'replace'), expected)
 
     def test_nonbmp(self):
         self.assertEqual("\U00010203".encode(self.encoding),
@@ -568,8 +579,19 @@ class UTF16BETest(ReadTest):
         )
 
     def test_errors(self):
-        self.assertRaises(UnicodeDecodeError, codecs.utf_16_be_decode,
-                          b"\xff", "strict", True)
+        tests = [
+            (b'\xff', '\ufffd'),
+            (b'\x00A\xff', 'A\ufffd'),
+            (b'\x00A\x00B\x00C\x00DZ', 'ABCD\ufffd'),
+            (b'\xd8\x00', '\ufffd'),
+            (b'\xd8\x00\xdc', '\ufffd'),
+            (b'\xd8\x00\x00A', '\ufffdA'),
+            (b'\xdc\x00\x00A', '\ufffdA'),
+        ]
+        for raw, expected in tests:
+            self.assertRaises(UnicodeDecodeError, codecs.utf_16_be_decode,
+                              raw, 'strict', True)
+            self.assertEqual(raw.decode('utf-16be', 'replace'), expected)
 
     def test_nonbmp(self):
         self.assertEqual("\U00010203".encode(self.encoding),
author	Antoine Pitrou <solipsis@pitrou.net>	2012-07-20 22:45:14 (GMT)
committer	Antoine Pitrou <solipsis@pitrou.net>	2012-07-20 22:45:14 (GMT)
commit	b4bbee25b1e3f4bccac222f806b3138fb72439d6 (patch)
tree	586129fbe8b38a553772635efa1ff753e5c7be70 /Lib
parent	ca9652ea5d1d9ebddd1acf6abbbf3751bc366a44 (diff)
download	cpython-b4bbee25b1e3f4bccac222f806b3138fb72439d6.zip cpython-b4bbee25b1e3f4bccac222f806b3138fb72439d6.tar.gz cpython-b4bbee25b1e3f4bccac222f806b3138fb72439d6.tar.bz2