diff options
author | Gregory P. Smith <greg@krypto.org> | 2018-11-14 11:55:07 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-14 11:55:07 -0800 |
commit | b6f4472dc4190e2fd668490d86aeefd2ab0df935 (patch) | |
tree | cf7a6d30f6ce9c30789fed3931c1f01a1ac89ff9 /Objects | |
parent | 815fa49d1030b52a6e5fae924f92907240d90155 (diff) | |
download | cpython-git-b6f4472dc4190e2fd668490d86aeefd2ab0df935.tar.gz |
[2.7] bpo-35214: Fix OOB memory access in unicode escape parser (GH-10506) (GH-10538)
Discovered using clang's MemorySanitizer.
A msan build will fail by simply executing: ./python -c 'u"\N"'
(cherry picked from commit 746b2d3)
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google LLC]
Diffstat (limited to 'Objects')
-rw-r--r-- | Objects/unicodeobject.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index b76db619ad..21d994cdd6 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -2950,7 +2950,7 @@ PyObject *PyUnicode_DecodeUnicodeEscape(const char *s, if (ucnhash_CAPI == NULL) goto ucnhashError; } - if (*s == '{') { + if (s < end && *s == '{') { const char *start = s+1; /* look for the closing brace */ while (*s != '}' && s < end) |