author | INADA Naoki <methane@users.noreply.github.com> | 2018-07-14 03:06:43 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-14 03:06:43 (GMT) |
commit | 16dfca4d829e45f36e71bf43f83226659ce49315 (patch) | |
tree | f06c2f627ae2b4984d1c56ae97248b6eb5c51c38 /Objects | |
parent | cafaf0447b950fd4f59edd8cbde040c61ae528f8 (diff) | |
bpo-34087: Fix buffer overflow in int(s) and similar functions (GH-8274)
`_PyUnicode_TransformDecimalAndSpaceToASCII()` missed trailing NUL char.
It caused buffer overflow in `_Py_string_to_number_with_underscores()`.
This bug is introduced in 9b6c60cb.
Diffstat (limited to 'Objects')
-rw-r--r-- | Objects/unicodeobject.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 80d1bba..2b06f15 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -9072,6 +9072,7 @@ _PyUnicode_TransformDecimalAndSpaceToASCII(PyObject *unicode) int decimal = Py_UNICODE_TODECIMAL(ch); if (decimal < 0) { out[i] = '?'; + out[i+1] = '\0'; _PyUnicode_LENGTH(result) = i + 1; break; } @@ -9079,6 +9080,7 @@ _PyUnicode_TransformDecimalAndSpaceToASCII(PyObject *unicode) } } + assert(_PyUnicode_CheckConsistency(result, 1)); return result; } |
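Review bot: In the first hunk (@@ -9072,6 +9072,7), inside the `if (decimal < 0)` branch, the new `out[i+1] = '\0';` stores one byte beyond index `i`, and nothing visible in the hunk shows that `out` has room for that byte. A one-line comment above the store, saying that the result buffer is allocated with a slot for the terminator and that `i + 1` cannot exceed it, would let a reader check the bound without leaving the function. It would also be worth saying in that comment why the terminator has to be rewritten at this point: `_PyUnicode_LENGTH(result) = i + 1;` shortens the string, and the commit message attributes the overflow in `_Py_string_to_number_with_underscores()` to the missing NUL.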
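Review bot: In the second hunk (@@ -9079,6 +9080,7), the `assert(_PyUnicode_CheckConsistency(result, 1));` placed before `return result;` is compiled only when assertions are enabled, so it documents the invariant but does not guard release builds. Its position after the loop is right, since both the `break` path and the normal loop exit pass through it. The diffstat shown here is limited to 'Objects', so please confirm that the commit also carries a regression test that feeds `int()` a string reaching the `decimal < 0` branch, so the fix is exercised in builds where the assert is compiled out.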