Backport fixes for the code that decodes octal escapes (and for PyString
also hex escapes) -- this was reaching beyond the end of the input string
buffer, even though it is not supposed to be \0-terminated.
This has no visible effect but is clearly the correct thing to do.
(In 3.0 it had a visible effect after removing ob_sstate from PyString.)
Also fixes #1098.
case '0': case '1': case '2': case '3':
case '4': case '5': case '6': case '7':
c = s[-1] - '0';
- if ('0' <= *s && *s <= '7') {
+ if (s < end && '0' <= *s && *s <= '7') {
c = (c<<3) + *s++ - '0';
- if ('0' <= *s && *s <= '7')
+ if (s < end && '0' <= *s && *s <= '7')
c = (c<<3) + *s++ - '0';
}
*p++ = c;
break;
case 'x':
- if (isxdigit(Py_CHARMASK(s[0]))
- && isxdigit(Py_CHARMASK(s[1]))) {
+ if (s+1 < end &&
+ isxdigit(Py_CHARMASK(s[0])) &&
+ isxdigit(Py_CHARMASK(s[1])))
+ {
unsigned int x = 0;
c = Py_CHARMASK(*s);
s++;
startinpos = s-starts;
/* \ - Escapes */
s++;
- switch (*s++) {
+ c = *s++;
+ if (s > end)
+ c = '\0'; /* Invalid after \ */
+ switch (c) {
/* \x escapes */
case '\n': break;
case '0': case '1': case '2': case '3':
case '4': case '5': case '6': case '7':
x = s[-1] - '0';
- if ('0' <= *s && *s <= '7') {
+ if (s < end && '0' <= *s && *s <= '7') {
x = (x<<3) + *s++ - '0';
- if ('0' <= *s && *s <= '7')
+ if (s < end && '0' <= *s && *s <= '7')
x = (x<<3) + *s++ - '0';
}
*p++ = x;
projects / python / commitdiff