bounds check for bad data (thanks amaury)

diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py
index f342d88b9f6a9306f72a9a4feb955422d4edc2eb..42d0da3e703bba9db6f69db0eceee986329a1675 100644 (file)
--- a/Lib/test/test_codecs.py
+++ b/Lib/test/test_codecs.py
@@ -645,6 +645,8 @@ class UTF8Test(ReadTest):
         self.assertEqual(b"abc\xed\xa0\x80def".decode("utf-8", "surrogatepass"),
                          "abc\ud800def")
         self.assertTrue(codecs.lookup_error("surrogatepass"))
+        with self.assertRaises(UnicodeDecodeError):
+            b"abc\xed\xa0".decode("utf-8", "surrogatepass")
 
 class UTF7Test(ReadTest):
     encoding = "utf-7"

diff --git a/Python/codecs.c b/Python/codecs.c
index c7f4a9cbc1a43f62aa938212857dce72f62fe416..90f1cf6ad0fc75e4d5bda0f304075695b7a35c8b 100644 (file)
--- a/Python/codecs.c
+++ b/Python/codecs.c
@@ -821,9 +821,10 @@ PyCodec_SurrogatePassErrors(PyObject *exc)
         /* Try decoding a single surrogate character. If
            there are more, let the codec call us again. */
         p += start;
-        if ((p[0] & 0xf0) == 0xe0 ||
-            (p[1] & 0xc0) == 0x80 ||
-            (p[2] & 0xc0) == 0x80) {
+        if (strlen(p) > 2 &&
+            ((p[0] & 0xf0) == 0xe0 ||
+             (p[1] & 0xc0) == 0x80 ||
+             (p[2] & 0xc0) == 0x80)) {
             /* it's a three-byte code */
             ch = ((p[0] & 0x0f) << 12) + ((p[1] & 0x3f) << 6) + (p[2] & 0x3f);
             if (ch < 0xd800 || ch > 0xdfff)