diff options
| -rw-r--r-- | Lib/test/test_io.py | 9 | ||||
| -rw-r--r-- | Misc/NEWS | 3 | ||||
| -rw-r--r-- | Modules/_io/bufferedio.c | 8 |
3 files changed, 20 insertions, 0 deletions
diff --git a/Lib/test/test_io.py b/Lib/test/test_io.py index 6efd010..9b89202 100644 --- a/Lib/test/test_io.py +++ b/Lib/test/test_io.py @@ -3019,6 +3019,15 @@ class MiscIOTest(unittest.TestCase): class CMiscIOTest(MiscIOTest): io = io + def test_readinto_buffer_overflow(self): + # Issue #18025 + class BadReader(self.io.BufferedIOBase): + def read(self, n=-1): + return b'x' * 10**6 + bufio = BadReader() + b = bytearray(2) + self.assertRaises(ValueError, bufio.readinto, b) + class PyMiscIOTest(MiscIOTest): io = pyio @@ -24,6 +24,9 @@ Core and Builtins Library ------- +- Issue #18025: Fixed a segfault in io.BufferedIOBase.readinto() when raw + stream's read() returns more bytes than requested. + - Issue #18011: base64.b32decode() now raises a binascii.Error if there are non-alphabet characters present in the input string to conform a docstring. Updated the module documentation. diff --git a/Modules/_io/bufferedio.c b/Modules/_io/bufferedio.c index 2b39f66..7f180a4 100644 --- a/Modules/_io/bufferedio.c +++ b/Modules/_io/bufferedio.c @@ -69,6 +69,14 @@ bufferediobase_readinto(PyObject *self, PyObject *args) } len = Py_SIZE(data); + if (len > buf.len) { + PyErr_Format(PyExc_ValueError, + "read() returned too much data: " + "%zd bytes requested, %zd returned", + buf.len, len); + Py_DECREF(data); + goto error; + } memcpy(buf.buf, PyBytes_AS_STRING(data), len); PyBuffer_Release(&buf); |