From: Benjamin Peterson Date: Sat, 19 Jul 2008 22:26:35 +0000 (+0000) Subject: Merged revisions 65147 via svnmerge from X-Git-Tag: v3.0b3~258 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7af6eec6d05e336d4e64c37f458b4fa68752e9d3;p=python Merged revisions 65147 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r65147 | bob.ippolito | 2008-07-19 16:59:50 -0500 (Sat, 19 Jul 2008) | 1 line #3322: bounds checking for _json.scanstring ........
---
diff --git a/Modules/_json.c b/Modules/_json.c
index a4308fdc7e..1cf1e63cd5 100644
--- a/Modules/_json.c
+++ b/Modules/_json.c
@@ -236,6 +236,10 @@ scanstring_str(PyObject *pystr, Py_ssize_t end, char *encoding, int strict)
 if (chunks == NULL) {
 goto bail;
 }
+ if (end < 0 || len <= end) {
+ PyErr_SetString(PyExc_ValueError, "end is out of bounds");
+ goto bail;
+ }
 while (1) {
 /* Find the end of the string or the next escape */
 Py_UNICODE c = 0;
@@ -246,7 +250,7 @@ scanstring_str(PyObject *pystr, Py_ssize_t end, char *encoding, int strict)
 break;
 }
 else if (strict && c <= 0x1f) {
- raise_errmsg("Invalid control character at", pystr, begin);
+ raise_errmsg("Invalid control character at", pystr, next);
 goto bail;
 }
 }
@@ -401,6 +405,10 @@ scanstring_unicode(PyObject *pystr, Py_ssize_t end, int strict)
 if (chunks == NULL) {
 goto bail;
 }
+ if (end < 0 || len <= end) {
+ PyErr_SetString(PyExc_ValueError, "end is out of bounds");
+ goto bail;
+ }
 while (1) {
 /* Find the end of the string or the next escape */
 Py_UNICODE c = 0;
@@ -411,7 +419,7 @@ scanstring_unicode(PyObject *pystr, Py_ssize_t end, int strict)
 break;
 }
 else if (strict && c <= 0x1f) {
- raise_errmsg("Invalid control character at", pystr, begin);
+ raise_errmsg("Invalid control character at", pystr, next);
 goto bail;
 }
 }
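Review bot: The new guard on `end` in scanstring_str (first hunk) carries no comment saying what it protects, and it sits after `chunks` has been allocated, so the rejection path depends on the `bail` label, which is outside this hunk, releasing that list. I would put a comment above it such as `/* end is a caller-supplied index into pystr; reject it before the scan loop reads from the buffer */`, and consider moving the check ahead of the allocation so that invalid input costs nothing. The bound `len <= end` also rejects `end == len`; if the scan loop below is itself limited by `len`, that case would presumably already end in the unterminated-string error, so it is worth confirming the stricter bound is intended. The identical check is added to scanstring_unicode in the third hunk, and no regression test for a negative or oversized `end` is visible in this diff.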
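Review bot: The position argument changed in the `strict && c <= 0x1f` branch of scanstring_str (second hunk) is easy to get wrong again because nothing at the call site says which index each variable holds. A short comment such as `/* report the offset of the control character itself (next), not the start of the string */` would pin the intent; `begin` presumably marks where the string started, but that assignment is outside the hunk. The same one-line fix is repeated in scanstring_unicode in the fourth hunk, so a test asserting the reported offset for both the byte-string and unicode paths would keep the two copies from drifting apart.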