diff options
| author | Georg Brandl <georg@python.org> | 2007-11-02 22:46:38 +0000 |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2007-11-02 22:46:38 +0000 |
| commit | 1dcb9c93fd5e69ed9af89a65976bddd5ec15474b (patch) | |
| tree | 6b4b61d808049b05e98a07e2490b1983d30bee9a | |
| parent | 2c3e0d94b2357d53e3a460dec244b1e98462ede4 (diff) | |
| download | cpython-git-1dcb9c93fd5e69ed9af89a65976bddd5ec15474b.tar.gz | |
Backport r58709 from trunk:
Backport fixes for the code that decodes octal escapes (and for PyString
also hex escapes) -- this was reaching beyond the end of the input string
buffer, even though it is not supposed to be \0-terminated.
This has no visible effect but is clearly the correct thing to do.
(In 3.0 it had a visible effect after removing ob_sstate from PyString.)
Also fixes #1098.
| -rw-r--r-- | Objects/stringobject.c | 10 | ||||
| -rw-r--r-- | Objects/unicodeobject.c | 9 |
2 files changed, 12 insertions, 7 deletions
diff --git a/Objects/stringobject.c b/Objects/stringobject.c index 12fbaed5fd..0e3dc4f780 100644 --- a/Objects/stringobject.c +++ b/Objects/stringobject.c @@ -616,16 +616,18 @@ PyObject *PyString_DecodeEscape(const char *s, case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': c = s[-1] - '0'; - if ('0' <= *s && *s <= '7') { + if (s < end && '0' <= *s && *s <= '7') { c = (c<<3) + *s++ - '0'; - if ('0' <= *s && *s <= '7') + if (s < end && '0' <= *s && *s <= '7') c = (c<<3) + *s++ - '0'; } *p++ = c; break; case 'x': - if (isxdigit(Py_CHARMASK(s[0])) - && isxdigit(Py_CHARMASK(s[1]))) { + if (s+1 < end && + isxdigit(Py_CHARMASK(s[0])) && + isxdigit(Py_CHARMASK(s[1]))) + { unsigned int x = 0; c = Py_CHARMASK(*s); s++; diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 10a8385b9c..7f676a9dc4 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -1813,7 +1813,10 @@ PyObject *PyUnicode_DecodeUnicodeEscape(const char *s, startinpos = s-starts; /* \ - Escapes */ s++; - switch (*s++) { + c = *s++; + if (s > end) + c = '\0'; /* Invalid after \ */ + switch (c) { /* \x escapes */ case '\n': break; @@ -1832,9 +1835,9 @@ PyObject *PyUnicode_DecodeUnicodeEscape(const char *s, case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': x = s[-1] - '0'; - if ('0' <= *s && *s <= '7') { + if (s < end && '0' <= *s && *s <= '7') { x = (x<<3) + *s++ - '0'; - if ('0' <= *s && *s <= '7') + if (s < end && '0' <= *s && *s <= '7') x = (x<<3) + *s++ - '0'; } *p++ = x; |