From b67170114949f13c1eacf6d58a06482bb7b78dd0 Mon Sep 17 00:00:00 2001
From: Eli Bendersky
Date: Sun, 4 Aug 2013 06:09:49 -0700
Subject: Issue #13612: Fix a buffer overflow in case of a multi-byte encoding. This is a belated backport of f7b47fb30169; Patch by Serhiy Storchaka.
---
 Lib/test/test_xml_etree.py | 6 ++++++
 Modules/_elementtree.c | 2 ++
 Modules/pyexpat.c | 7 +++++++
 3 files changed, 15 insertions(+)
diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
index 4f06d20..adb7852 100644
--- a/Lib/test/test_xml_etree.py
+++ b/Lib/test/test_xml_etree.py
@@ -883,6 +883,12 @@ def check_encoding(encoding):
 >>> check_encoding("iso-8859-15")
 >>> check_encoding("cp437")
 >>> check_encoding("mac-roman")
+ >>> check_encoding("gbk")
+ Traceback (most recent call last):
+ ValueError: multi-byte encodings are not supported
+ >>> check_encoding("cp037")
+ Traceback (most recent call last):
+ ParseError: unknown encoding: line 1, column 30
 """
 ET.XML("" % encoding)
diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
index 379aa01..b9abcac 100644
--- a/Modules/_elementtree.c
+++ b/Modules/_elementtree.c
@@ -2427,6 +2427,8 @@ expat_unknown_encoding_handler(XMLParserObject *self, const XML_Char *name,
 if (PyUnicode_GET_SIZE(u) != 256) {
 Py_DECREF(u);
+ PyErr_SetString(PyExc_ValueError,
+ "multi-byte encodings are not supported");
 return XML_STATUS_ERROR;
 }
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index f269113..8de3fb1 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1252,6 +1252,13 @@ PyUnknownEncodingHandler(void *encodingHandlerData,
 if (_u_string == NULL)
 return result;
+ if (PyUnicode_GET_SIZE(_u_string) != 256) {
+ Py_DECREF(_u_string);
+ PyErr_SetString(PyExc_ValueError,
+ "multi-byte encodings are not supported");
+ return result;
+ }
+
 for (i = 0; i < 256; i++) {
 /* Stupid to access directly, but fast */
 Py_UNICODE c = _u_string->str[i];
-- 
cgit v0.12
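Review bot: The literal 256 in `if (PyUnicode_GET_SIZE(u) != 256)` is unexplained, and with the new error message attached it now carries the whole meaning of the check. A short comment above the condition would help, for example `/* expat's unknown-encoding map has one entry per byte value, so the decoded table must be exactly 256 characters */`. The same comment is missing on the guard added in Modules/pyexpat.c, where the loop that follows indexes `_u_string->str[i]` for i < 256 and a shorter string would be read past its end. The body of expat_unknown_encoding_handler starts and ends outside this hunk.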
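Review bot: The length guard added to PyUnknownEncodingHandler has no direct regression test in this patch. The diffstat lists only Lib/test/test_xml_etree.py on the test side, so the check is presumably reached only through ElementTree's use of expat. This guard is the memory-safety fix itself, because the loop below it reads 256 entries of `_u_string->str`, so a pyexpat-level test would keep it covered if the ElementTree parser path changes. Something like `self.assertRaises(ValueError, expat.ParserCreate().Parse, data, True)` would do, with `data` being a document that declares `encoding="gbk"`. The function body starts and ends outside this hunk.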