mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-10 11:00:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Fix out of bounds read in long_new() for empty bytes with an explicit base. int(b'', somebase) calls PyLong_FromString() with char* of length 1 but the function accesses the first argument at offset 1. CID 715359

Browse source
This commit is contained in:
Christian Heimes 2012-09-12 15:32:06 +02:00
commit 7ae251a025
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Objects/longobject.c
View file

@ -4285,8 +4285,8 @@ long_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
string = PyByteArray_AS_STRING(x); string = PyByteArray_AS_STRING(x);
else else
string = PyBytes_AS_STRING(x); string = PyBytes_AS_STRING(x);
if (strlen(string) != (size_t)size) { if (strlen(string) != (size_t)size || !size) {
/* We only see this if there's a null byte in x, /* We only see this if there's a null byte in x or x is empty,
x is a bytes or buffer, *and* a base is given. */ x is a bytes or buffer, *and* a base is given. */
PyErr_Format(PyExc_ValueError, PyErr_Format(PyExc_ValueError,
"invalid literal for int() with base %d: %R", "invalid literal for int() with base %d: %R",