Issue #29444: Fixed out-of-bounds buffer access in the group() method of

the match object.  Based on patch by WGH.
Serhiy Storchaka 2017-02-04 22:53:57 +02:00
parent c7611362b4
commit 7e10dbbd45
3 changed files with 20 additions and 2 deletions


@ -2015,6 +2015,7 @@ match_getslice_by_index(MatchObject* self, Py_ssize_t index, PyObject* def)
Py_buffer view;
PyObject *result;
void* ptr;
Py_ssize_t i, j;
if (index < 0 || index >= self->groups) {
/* raise IndexError if we were given a bad group number */
@ -2036,8 +2037,12 @@ match_getslice_by_index(MatchObject* self, Py_ssize_t index, PyObject* def)
ptr = getstring(self->string, &length, &isbytes, &charsize, &view);
if (ptr == NULL)
return NULL;
result = getslice(isbytes, ptr,
self->string, self->mark[index], self->mark[index+1]);
i = self->mark[index];
j = self->mark[index+1];
i = Py_MIN(i, length);
j = Py_MIN(j, length);
result = getslice(isbytes, ptr, self->string, i, j);
if (isbytes && view.buf != NULL)
PyBuffer_Release(&view);
return result;
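Review bot: The two `Py_MIN` clamps ahead of `getslice()` have no comment, so a reader of the function cannot tell why a saved mark could exceed `length`. Presumably the subject buffer can become shorter after the match was made; if so, I would say that above `i = self->mark[index];`, e.g. `/* marks were recorded at match time; the underlying buffer may be shorter now, so clamp them to the current length */`. The comment should also state that a stale mark yields a silently truncated (possibly empty) group rather than an error, since that is the behaviour callers now get. Only the upper bound is clamped; a negative mark is presumably rejected by a check between the two hunks, which is not visible here and is worth confirming. The function starts before the first hunk and ends after the second.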