[2.7] bpo-35214: Fix OOB memory access in unicode escape parser (GH-10506) (GH-10538)

Discovered using clang's MemorySanitizer. A msan build will fail by simply executing: ./python -c 'u"\N"' (cherry picked from commit 746b2d3) Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google LLC]
author: Gregory P. Smith <greg@krypto.org> 2018-11-14 11:55:07 -0800
committer: GitHub <noreply@github.com> 2018-11-14 11:55:07 -0800
commit: b6f4472dc4190e2fd668490d86aeefd2ab0df935 (patch)
tree: cf7a6d30f6ce9c30789fed3931c1f01a1ac89ff9 /Objects
parent: 815fa49d1030b52a6e5fae924f92907240d90155 (diff)
download: cpython-git-b6f4472dc4190e2fd668490d86aeefd2ab0df935.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index b76db619ad..21d994cdd6 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -2950,7 +2950,7 @@ PyObject *PyUnicode_DecodeUnicodeEscape(const char *s,
                 if (ucnhash_CAPI == NULL)
                     goto ucnhashError;
             }
-            if (*s == '{') {
+            if (s < end && *s == '{') {
                 const char *start = s+1;
                 /* look for the closing brace */
                 while (*s != '}' && s < end)
author	Gregory P. Smith <greg@krypto.org>	2018-11-14 11:55:07 -0800
committer	GitHub <noreply@github.com>	2018-11-14 11:55:07 -0800
commit	b6f4472dc4190e2fd668490d86aeefd2ab0df935 (patch)
tree	cf7a6d30f6ce9c30789fed3931c1f01a1ac89ff9 /Objects
parent	815fa49d1030b52a6e5fae924f92907240d90155 (diff)
download	cpython-git-b6f4472dc4190e2fd668490d86aeefd2ab0df935.tar.gz