authorAlexandre Vassalotti <alexandre@peadrop.com>2009-07-07 02:17:30 +0000
committerAlexandre Vassalotti <alexandre@peadrop.com>2009-07-07 02:17:30 +0000
commitfd00916c2e460a8cf16acc46409469d19bc48805 (patch)
treee414361f66c3713c6eb0c7f48be0fcd5d56154ca /Objects/unicodeobject.c
parent23a736a4f06cabf9c1f1b57fd6bd7b4fabc8ca08 (diff)
Grow the allocated buffer in PyUnicode_EncodeUTF7 to avoid buffer overrun.
Without this change, test_unicode.UnicodeTest.test_codecs_utf7 crashes in debug mode. What happens is that the unicode string u'\U000abcde', with a length of 1, encodes to the string '+2m/c3g-' of length 8. Since only 5 bytes are reserved in the buffer, a buffer overrun occurs.
Diffstat (limited to 'Objects/unicodeobject.c')
-rw-r--r--Objects/unicodeobject.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index c42cd0c6b3..0b23e71f3d 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -1752,7 +1752,7 @@ PyObject *PyUnicode_EncodeUTF7(const Py_UNICODE *s,
{
PyObject *v;
/* It might be possible to tighten this worst case */
- Py_ssize_t allocated = 5 * size;
+ Py_ssize_t allocated = 8 * size;
int inShift = 0;
Py_ssize_t i = 0;
unsigned int base64bits = 0;
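Review bot: The new `Py_ssize_t allocated = 8 * size;` multiplies in a signed type before any range check, and the test in the following hunk (`allocated / 8 != size`) only runs after the overflow has already occurred. Signed overflow is undefined behaviour in C, so an optimising compiler is entitled to drop that division test, which would leave the allocation size unchecked for very large `size`. Checking first, `if (size > PY_SSIZE_T_MAX / 8) return PyErr_NoMemory();`, and only then computing `allocated = 8 * size;` avoids relying on the wrapped value. The factor 8 is also a bare literal repeated in both hunks; the comment above it could record the worst case given in the commit message (a string of length 1 encoding to the 8 bytes `+2m/c3g-`) so the bound and its check stay in sync. The body of PyUnicode_EncodeUTF7 starts before and continues past this hunk.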
@@ -1760,7 +1760,7 @@ PyObject *PyUnicode_EncodeUTF7(const Py_UNICODE *s,
char * out;
char * start;
- if (allocated / 5 != size)
+ if (allocated / 8 != size)
return PyErr_NoMemory();
if (size == 0)