diff options
author | Philip Jenvey <pjenvey@underboss.org> | 2012-10-27 00:01:53 (GMT) |
---|---|---|
committer | Philip Jenvey <pjenvey@underboss.org> | 2012-10-27 00:01:53 (GMT) |
commit | 45c41494bf4992d6c2a0bd1fca3d0dff164ec4ba (patch) | |
tree | a9d7476ad71104566d8b3dc591450cb039f3d90f /Python | |
parent | a20879ffc8dfebab5b6949bed9b13453c8a6cde3 (diff) | |
download | cpython-45c41494bf4992d6c2a0bd1fca3d0dff164ec4ba.zip cpython-45c41494bf4992d6c2a0bd1fca3d0dff164ec4ba.tar.gz cpython-45c41494bf4992d6c2a0bd1fca3d0dff164ec4ba.tar.bz2 |
bounds check for bad data (thanks amaury)
Diffstat (limited to 'Python')
-rw-r--r-- | Python/codecs.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/Python/codecs.c b/Python/codecs.c index c7f4a9c..90f1cf6 100644 --- a/Python/codecs.c +++ b/Python/codecs.c @@ -821,9 +821,10 @@ PyCodec_SurrogatePassErrors(PyObject *exc) /* Try decoding a single surrogate character. If there are more, let the codec call us again. */ p += start; - if ((p[0] & 0xf0) == 0xe0 || - (p[1] & 0xc0) == 0x80 || - (p[2] & 0xc0) == 0x80) { + if (strlen(p) > 2 && + ((p[0] & 0xf0) == 0xe0 || + (p[1] & 0xc0) == 0x80 || + (p[2] & 0xc0) == 0x80)) { /* it's a three-byte code */ ch = ((p[0] & 0x0f) << 12) + ((p[1] & 0x3f) << 6) + (p[2] & 0x3f); if (ch < 0xd800 || ch > 0xdfff) |