From: Alexandre Vassalotti Date: Tue, 21 Jul 2009 00:39:03 +0000 (+0000) Subject: Merged revisions 73871 via svnmerge from X-Git-Tag: v3.2a1~2776 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e85bd987c466d8022a2a3d746af2fdf991dcb0e4;p=python Merged revisions 73871 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r73871 | alexandre.vassalotti | 2009-07-06 22:17:30 -0400 (Mon, 06 Jul 2009) | 7 lines Grow the allocated buffer in PyUnicode_EncodeUTF7 to avoid buffer overrun. Without this change, test_unicode.UnicodeTest.test_codecs_utf7 crashes in debug mode. What happens is the unicode string u'\U000abcde' with a length of 1 encodes to the string '+2m/c3g-' of length 8. Since only 5 bytes is reserved in the buffer, a buffer overrun occurs. ........ --- diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 305289bc78..758d05489e 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -2044,7 +2044,7 @@ PyObject *PyUnicode_EncodeUTF7(const Py_UNICODE *s, { PyObject *v; /* It might be possible to tighten this worst case */ - Py_ssize_t allocated = 5 * size; + Py_ssize_t allocated = 8 * size; int inShift = 0; Py_ssize_t i = 0; unsigned int base64bits = 0; @@ -2055,7 +2055,7 @@ PyObject *PyUnicode_EncodeUTF7(const Py_UNICODE *s, if (size == 0) return PyBytes_FromStringAndSize(NULL, 0); - if (allocated / 5 != size) + if (allocated / 8 != size) return PyErr_NoMemory(); v = PyBytes_FromStringAndSize(NULL, allocated);