summaryrefslogtreecommitdiffstats
path: root/Objects/abstract.c
diff options
context:
space:
mode:
authorMartin Panter <vadmium+py@gmail.com>2015-11-07 02:32:21 (GMT)
committerMartin Panter <vadmium+py@gmail.com>2015-11-07 02:32:21 (GMT)
commiteeb896c4116dd763efea45cb3c1b53257128f4e4 (patch)
tree34e8df45212ee5c99849dfca30977b92901615d6 /Objects/abstract.c
parent9ad0aae6566311c6982a20955381cda5a2954519 (diff)
downloadcpython-eeb896c4116dd763efea45cb3c1b53257128f4e4.zip
cpython-eeb896c4116dd763efea45cb3c1b53257128f4e4.tar.gz
cpython-eeb896c4116dd763efea45cb3c1b53257128f4e4.tar.bz2
Issue #24802: Copy bytes-like objects to null-terminated buffers if necessary
This avoids possible buffer overreads when int(), float(), compile(), exec() and eval() are passed bytes-like objects. Similar code is removed from the complex() constructor, where it was not reachable. Patch by John Leitch, Serhiy Storchaka and Martin Panter.
Diffstat (limited to 'Objects/abstract.c')
-rw-r--r--Objects/abstract.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/Objects/abstract.c b/Objects/abstract.c
index a20a84c..5e96138 100644
--- a/Objects/abstract.c
+++ b/Objects/abstract.c
@@ -1264,12 +1264,30 @@ PyNumber_Long(PyObject *o)
/* The below check is done in PyLong_FromUnicode(). */
return PyLong_FromUnicodeObject(o, 10);
- if (PyObject_GetBuffer(o, &view, PyBUF_SIMPLE) == 0) {
+ if (PyBytes_Check(o))
/* need to do extra error checking that PyLong_FromString()
* doesn't do. In particular int('9\x005') must raise an
* exception, not truncate at the null.
*/
- PyObject *result = _PyLong_FromBytes(view.buf, view.len, 10);
+ return _PyLong_FromBytes(PyBytes_AS_STRING(o),
+ PyBytes_GET_SIZE(o), 10);
+
+ if (PyByteArray_Check(o))
+ return _PyLong_FromBytes(PyByteArray_AS_STRING(o),
+ PyByteArray_GET_SIZE(o), 10);
+
+ if (PyObject_GetBuffer(o, &view, PyBUF_SIMPLE) == 0) {
+ PyObject *result, *bytes;
+
+ /* Copy to NUL-terminated buffer. */
+ bytes = PyBytes_FromStringAndSize((const char *)view.buf, view.len);
+ if (bytes == NULL) {
+ PyBuffer_Release(&view);
+ return NULL;
+ }
+ result = _PyLong_FromBytes(PyBytes_AS_STRING(bytes),
+ PyBytes_GET_SIZE(bytes), 10);
+ Py_DECREF(bytes);
PyBuffer_Release(&view);
return result;
}