#16336: fix input checking in the surrogatepass error handler. Patch by Serhiy Storc...

diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py
index 42d0da3e703bba9db6f69db0eceee986329a1675..0f7c23efccb90e111f8de4535bfd4a1d1c2c6aaa 100644 (file)
--- a/Lib/test/test_codecs.py
+++ b/Lib/test/test_codecs.py
@@ -647,6 +647,8 @@ class UTF8Test(ReadTest):
         self.assertTrue(codecs.lookup_error("surrogatepass"))
         with self.assertRaises(UnicodeDecodeError):
             b"abc\xed\xa0".decode("utf-8", "surrogatepass")
+        with self.assertRaises(UnicodeDecodeError):
+            b"abc\xed\xa0z".decode("utf-8", "surrogatepass")
 
 class UTF7Test(ReadTest):
     encoding = "utf-7"

diff --git a/Misc/NEWS b/Misc/NEWS
index 0c318322d09baeab55505e3672db9f5f5cda75c6..565ebcde8f24661dd67ddf2e13125ea05cb343f0 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,9 @@ What's New in Python 3.2.4
 Core and Builtins
 -----------------
 
+- Issue #16336: fix input checking in the surrogatepass error handler.
+  Patch by Serhiy Storchaka.
+
 - Issue #8401: assigning an int to a bytearray slice (e.g. b[3:4] = 5) now
   raises an error.
 

diff --git a/Python/codecs.c b/Python/codecs.c
index 90f1cf6ad0fc75e4d5bda0f304075695b7a35c8b..e21834a5c10d671d34aa020958b12a40d30005ce 100644 (file)
--- a/Python/codecs.c
+++ b/Python/codecs.c
@@ -821,10 +821,10 @@ PyCodec_SurrogatePassErrors(PyObject *exc)
         /* Try decoding a single surrogate character. If
            there are more, let the codec call us again. */
         p += start;
-        if (strlen(p) > 2 &&
-            ((p[0] & 0xf0) == 0xe0 ||
-             (p[1] & 0xc0) == 0x80 ||
-             (p[2] & 0xc0) == 0x80)) {
+        if (PyBytes_GET_SIZE(object) - start >= 3 &&
+            (p[0] & 0xf0) == 0xe0 &&
+            (p[1] & 0xc0) == 0x80 &&
+            (p[2] & 0xc0) == 0x80) {
             /* it's a three-byte code */
             ch = ((p[0] & 0x0f) << 12) + ((p[1] & 0x3f) << 6) + (p[2] & 0x3f);
             if (ch < 0xd800 || ch > 0xdfff)