diff options
| author | Gregory P. Smith <greg@krypto.org> | 2018-11-13 21:16:54 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-11-13 21:16:54 (GMT) |
| commit | 746b2d35ea47005054ed774fecaed64fab803d7d (patch) | |
| tree | 95df1265514b578a9c2dcc2898bbce2f100dd064 /Objects/unicodeobject.c | |
| parent | 00b137c72f90fbc39a6cd7e48b37c58d19977180 (diff) | |
| download | cpython-746b2d35ea47005054ed774fecaed64fab803d7d.zip cpython-746b2d35ea47005054ed774fecaed64fab803d7d.tar.gz cpython-746b2d35ea47005054ed774fecaed64fab803d7d.tar.bz2 | |
bpo-35214: Fix OOB memory access in unicode escape parser (GH-10506)
Discovered using clang's MemorySanitizer when it ran python3's
test_fstring test_misformed_unicode_character_name.
An msan build will fail by simply executing: ./python -c 'u"\N"'
Diffstat (limited to 'Objects/unicodeobject.c')
| -rw-r--r-- | Objects/unicodeobject.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index e5d026f..04ca5f3 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -6069,7 +6069,7 @@ _PyUnicode_DecodeUnicodeEscape(const char *s, } message = "malformed \\N character escape"; - if (*s == '{') { + if (s < end && *s == '{') { const char *start = ++s; size_t namelen; /* look for the closing brace */ |