Issue #17043: The unicode-internal decoder no longer read past the end of

input buffer.
author: Serhiy Storchaka <storchaka@gmail.com> 2013-02-07 14:23:11 (GMT)
committer: Serhiy Storchaka <storchaka@gmail.com> 2013-02-07 14:23:11 (GMT)
commit: d5327d95d2c345f384cc9d03be0d9c4e8773b277 (patch)
tree: 74e52941161cdeecf518a2647568cddc5a4ba84d /Objects
parent: 4a880414447c9a8f9db7711275ff33c552d86642 (diff)
download: cpython-d5327d95d2c345f384cc9d03be0d9c4e8773b277.zip
cpython-d5327d95d2c345f384cc9d03be0d9c4e8773b277.tar.gz
cpython-d5327d95d2c345f384cc9d03be0d9c4e8773b277.tar.bz2
1 files changed, 24 insertions, 27 deletions
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 5fbd24d..981a98b 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -3376,37 +3376,34 @@ PyObject *_PyUnicode_DecodeUnicodeInternal(const char *s,
     end = s + size;
 
     while (s < end) {
+        if (end-s < Py_UNICODE_SIZE) {
+            endinpos = end-starts;
+            reason = "truncated input";
+            goto error;
+        }
         memcpy(p, s, sizeof(Py_UNICODE));
+#ifdef Py_UNICODE_WIDE
         /* We have to sanity check the raw data, otherwise doom looms for
            some malformed UCS-4 data. */
-        if (
-#ifdef Py_UNICODE_WIDE
-            *p > unimax || *p < 0 ||
-#endif
-            end-s < Py_UNICODE_SIZE
-            )
-        {
-            startinpos = s - starts;
-            if (end-s < Py_UNICODE_SIZE) {
-                endinpos = end-starts;
-                reason = "truncated input";
-            }
-            else {
-                endinpos = s - starts + Py_UNICODE_SIZE;
-                reason = "illegal code point (> 0x10FFFF)";
-            }
-            outpos = p - PyUnicode_AS_UNICODE(v);
-            if (unicode_decode_call_errorhandler(
-                    errors, &errorHandler,
-                    "unicode_internal", reason,
-                    starts, size, &startinpos, &endinpos, &exc, &s,
-                    &v, &outpos, &p)) {
-                goto onError;
-            }
+        if (*p > unimax || *p < 0) {
+            endinpos = s - starts + Py_UNICODE_SIZE;
+            reason = "illegal code point (> 0x10FFFF)";
+            goto error;
         }
-        else {
-            p++;
-            s += Py_UNICODE_SIZE;
+#endif
+        p++;
+        s += Py_UNICODE_SIZE;
+        continue;
+
+  error:
+        startinpos = s - starts;
+        outpos = p - PyUnicode_AS_UNICODE(v);
+        if (unicode_decode_call_errorhandler(
+                errors, &errorHandler,
+                "unicode_internal", reason,
+                starts, size, &startinpos, &endinpos, &exc, &s,
+                &v, &outpos, &p)) {
+            goto onError;
         }
     }
author	Serhiy Storchaka <storchaka@gmail.com>	2013-02-07 14:23:11 (GMT)
committer	Serhiy Storchaka <storchaka@gmail.com>	2013-02-07 14:23:11 (GMT)
commit	d5327d95d2c345f384cc9d03be0d9c4e8773b277 (patch)
tree	74e52941161cdeecf518a2647568cddc5a4ba84d /Objects
parent	4a880414447c9a8f9db7711275ff33c552d86642 (diff)
download	cpython-d5327d95d2c345f384cc9d03be0d9c4e8773b277.zip cpython-d5327d95d2c345f384cc9d03be0d9c4e8773b277.tar.gz cpython-d5327d95d2c345f384cc9d03be0d9c4e8773b277.tar.bz2