gh-99581: Fix a buffer overflow in the tokenizer when copying lines that fill the available buffer (#99605)

Pablo Galindo Salgado 2022-11-20 20:20:03 +00:00 committed by GitHub
parent abf5b6ff43
commit e13d1d9dda
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 1 deletions


@ -413,7 +413,11 @@ tok_readline_recode(struct tok_state *tok) {
error_ret(tok);
goto error;
}
if (!tok_reserve_buf(tok, buflen + 1)) {
// Make room for the null terminator *and* potentially
// an extra newline character that we may need to artificially
// add.
size_t buffer_size = buflen + 2;
if (!tok_reserve_buf(tok, buffer_size)) {
goto error;
}
memcpy(tok->inp, buf, buflen);
@ -1000,6 +1004,7 @@ tok_underflow_file(struct tok_state *tok) {
return 0;
}
if (tok->inp[-1] != '\n') {
assert(tok->inp + 1 < tok->end);
/* Last line does not end in \n, fake one */
*tok->inp++ = '\n';
*tok->inp = '\0';
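Review bot: The `assert(tok->inp + 1 < tok->end)` added in tok_underflow_file is compiled out when NDEBUG is defined, so in release builds the two writes after it (the faked `'\n'` and the `'\0'`) remain unchecked and rely on every path that fills `tok->inp` having left two spare bytes. The first hunk establishes that for tok_readline_recode with `buflen + 2`, but whether the other readers feeding this function reserve the same slack cannot be seen from these hunks. I would document the invariant where it is relied on, e.g. `/* Readers must leave room for a faked '\n' plus '\0' (see tok_readline_recode). */`. If a release-build guarantee is wanted, reserve at the point of use with something like `if (!tok_reserve_buf(tok, 2)) { return 0; }`, assuming the size argument counts bytes needed past `tok->inp` (as the first hunk suggests) and that `return 0` is this function's error path. Both function bodies start and end outside the hunks shown.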