cpython

mirror of https://github.com/python/cpython.git synced 2025-08-04 08:59:19 +00:00

History

Serhiy Storchaka 8d35fd1b34 [3.9] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) (#134346 ) * [3.9] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) If the error handler is used, a new bytes object is created to set as the object attribute of UnicodeDecodeError, and that bytes object then replaces the original data. A pointer to the decoded data will became invalid after destroying that temporary bytes object. So we need other way to return the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). _PyBytes_DecodeEscape() does not have such issue, because it does not use the error handlers registry, but it should be changed for compatibility with _PyUnicode_DecodeUnicodeEscapeInternal(). (cherry picked from commit `9f69a58623`) (cherry picked from commit `6279eb8c07`) (cherry picked from commit `a75953b347`) (cherry picked from commit `0c33e5baed`) (cherry picked from commit `8b528cacbb`) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>		2025-06-02 17:58:01 +02:00
..
parse.c	[3.9] bpo-46110: Add a recursion check to avoid stack overflow in the PEG parser (GH-30177) (#30215 )	2021-12-20 17:18:13 +00:00
parse_string.c	[3.9] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) (#134346 )	2025-06-02 17:58:01 +02:00
parse_string.h	bpo-40334: Fix error location upon parsing an invalid string literal (GH-19962)	2020-05-07 11:37:51 +01:00
peg_api.c	bpo-40334: Make the PyPegen* and PyParser* APIs more consistent (GH-19839)	2020-05-01 18:30:51 +01:00
pegen.c	[3.9] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96502 )	2022-09-05 11:21:03 +02:00
pegen.h	bpo-43555: Report the column offset for invalid line continuation character (GH-24939) (#24975 )	2021-03-22 19:07:05 +00:00