author | Pablo Galindo Salgado <Pablogsal@gmail.com> | 2022-11-20 20:20:03 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-20 20:20:03 (GMT) |
commit | e13d1d9dda8c27691180bc618bd5e9bf43dfa89f (patch) | |
tree | b680a71e84cecd3d6554a75ddcabc408586588ca /Parser/tokenizer.c | |
parent | abf5b6ff43c5e238e2d577c95ed27bc8ff01afd5 (diff) | |
gh-99581: Fix a buffer overflow in the tokenizer when copying lines that fill the available buffer (#99605)
Diffstat (limited to 'Parser/tokenizer.c')
-rw-r--r-- | Parser/tokenizer.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Parser/tokenizer.c b/Parser/tokenizer.c
index f2131cf..ce72e15 100644
--- a/Parser/tokenizer.c
+++ b/Parser/tokenizer.c
@@ -413,7 +413,11 @@ tok_readline_recode(struct tok_state *tok) {
 error_ret(tok);
 goto error;
 }
- if (!tok_reserve_buf(tok, buflen + 1)) {
+ // Make room for the null terminator *and* potentially
+ // an extra newline character that we may need to artificially
+ // add.
+ size_t buffer_size = buflen + 2;
+ if (!tok_reserve_buf(tok, buffer_size)) {
 goto error;
 }
 memcpy(tok->inp, buf, buflen);
@@ -1000,6 +1004,7 @@ tok_underflow_file(struct tok_state *tok) {
 return 0;
 }
 if (tok->inp[-1] != '\n') {
+ assert(tok->inp + 1 < tok->end);
 /* Last line does not end in \n, fake one */
 *tok->inp++ = '\n';
 *tok->inp = '\0'; |
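Review bot: `buffer_size` is declared `size_t` on the new line `size_t buffer_size = buflen + 2;`, but the declaration of `buflen` and the parameter type of `tok_reserve_buf` are outside the hunk; if either is a signed length type, this adds an implicit signed/unsigned conversion on the value that sizes the buffer. Declaring `buffer_size` with the same type as `buflen` would avoid that. The comment could also name the consumer of the spare byte, e.g. `// +1 for the NUL, +1 for the '\n' that tok_underflow_file may append`, so the coupling between the two sites is discoverable from here. The body of tok_readline_recode starts and ends outside the hunk.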
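Review bot: The added `assert(tok->inp + 1 < tok->end);` is compiled out when the interpreter is built with NDEBUG, so in release builds the two stores that follow remain unchecked and depend entirely on every producer of the line having reserved the extra byte. Only tok_readline_recode is changed in this commit; whether other readers that feed tok_underflow_file leave the same slack cannot be seen from here. A runtime guard ahead of the stores would hold the bound in all builds, for example `if (tok->inp + 1 >= tok->end && !tok_reserve_buf(tok, 2)) { return 0; }`, assuming tok_reserve_buf guarantees that many bytes from tok->inp as its use in the first hunk suggests. The body of tok_underflow_file continues outside the hunk.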