bpo-34087: Fix buffer overflow in int(s) and similar functions (GH-8274)

`_PyUnicode_TransformDecimalAndSpaceToASCII()` missed trailing NUL char. It caused buffer overflow in `_Py_string_to_number_with_underscores()`. This bug is introduced in 9b6c60cb. (cherry picked from commit 16dfca4d829e45f36e71bf43f83226659ce49315) Co-authored-by: INADA Naoki <methane@users.noreply.github.com>
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2018-07-14 03:58:12 (GMT)
committer: GitHub <noreply@github.com> 2018-07-14 03:58:12 (GMT)
commit: c721472fb83d1f7c7606bcf33ba2d42d6127a764 (patch)
tree: 5423358bf1045bb2902ddbf92a772c2689146b35 /Python/pystrtod.c
parent: cf21d0031dd84544d4108765553c2b03dfe726c5 (diff)
download: cpython-c721472fb83d1f7c7606bcf33ba2d42d6127a764.zip
cpython-c721472fb83d1f7c7606bcf33ba2d42d6127a764.tar.gz
cpython-c721472fb83d1f7c7606bcf33ba2d42d6127a764.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/Python/pystrtod.c b/Python/pystrtod.c
index 9bf9363..141a47a 100644
--- a/Python/pystrtod.c
+++ b/Python/pystrtod.c
@@ -391,6 +391,8 @@ _Py_string_to_number_with_underscores(
     char *dup, *end;
     PyObject *result;
 
+    assert(s[orig_len] == '\0');
+
     if (strchr(s, '_') == NULL) {
         return innerfunc(s, orig_len, arg);
     }
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2018-07-14 03:58:12 (GMT)
committer	GitHub <noreply@github.com>	2018-07-14 03:58:12 (GMT)
commit	c721472fb83d1f7c7606bcf33ba2d42d6127a764 (patch)
tree	5423358bf1045bb2902ddbf92a772c2689146b35 /Python/pystrtod.c
parent	cf21d0031dd84544d4108765553c2b03dfe726c5 (diff)
download	cpython-c721472fb83d1f7c7606bcf33ba2d42d6127a764.zip cpython-c721472fb83d1f7c7606bcf33ba2d42d6127a764.tar.gz cpython-c721472fb83d1f7c7606bcf33ba2d42d6127a764.tar.bz2