Fix index out of bounds in SourceDistributionFilename::parse (#353)

Found this one in the top 8k pypi tests too
konsti 2023-11-07 12:44:40 +01:00 committed by GitHub
parent f96865edd1
commit c11586f2f0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -71,13 +71,17 @@ impl SourceDistributionFilename {
));
};
if stem.len() <= package_name.as_ref().len() + "-".len() {
return Err(SourceDistributionFilenameError::InvalidFilename {
filename: filename.to_string(),
package_name: package_name.to_string(),
});
}
let actual_package_name = PackageName::from_str(&stem[..package_name.as_ref().len()])
.map_err(|err| {
SourceDistributionFilenameError::InvalidPackageName(filename.to_string(), err)
})?;
if stem.len() <= package_name.as_ref().len() + "-".len()
|| &actual_package_name != package_name
{
if &actual_package_name != package_name {
return Err(SourceDistributionFilenameError::InvalidFilename {
filename: filename.to_string(),
package_name: package_name.to_string(),
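Review bot: The slice `&stem[..package_name.as_ref().len()]` can still panic after the new length check, because the check compares byte lengths but does not guarantee that the offset falls on a UTF-8 character boundary in `stem`. If `filename` can contain non-ASCII characters (its origin is not visible in this hunk, though the description suggests index data), a multi-byte character straddling that offset aborts the parse instead of returning an error. Using `stem.get(..package_name.as_ref().len())` and mapping `None` to `SourceDistributionFilenameError::InvalidFilename` would cover both the too-short and the off-boundary case with no panic path. `parse` starts and ends outside this hunk, so whether the byte after the name is checked to be `-` cannot be confirmed from here.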
@ -154,4 +158,13 @@ mod tests {
.is_err());
}
}
#[test]
fn name_to_long() {
assert!(SourceDistributionFilename::parse(
"foo.zip",
&PackageName::from_str("foo-lib").unwrap()
)
.is_err());
}
}
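Review bot: The new test asserts only `.is_err()`, so it would still pass if `parse` rejected `"foo.zip"` for an unrelated reason and the length guard regressed. Pinning the variant, e.g. `assert!(matches!(result, Err(SourceDistributionFilenameError::InvalidFilename { .. })))`, ties the test to the out-of-bounds fix. A second case at the boundary the `<=` guards (a constructed example: `"foo-lib-.zip"` with package `foo-lib`) would cover the off-by-one. The name `name_to_long` also looks like a typo for `name_too_long`.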