summaryrefslogtreecommitdiff
path: root/Python/pystrtod.c
diff options
context:
space:
mode:
authorINADA Naoki <methane@users.noreply.github.com>2018-07-14 12:06:43 +0900
committerGitHub <noreply@github.com>2018-07-14 12:06:43 +0900
commit16dfca4d829e45f36e71bf43f83226659ce49315 (patch)
treef06c2f627ae2b4984d1c56ae97248b6eb5c51c38 /Python/pystrtod.c
parentcafaf0447b950fd4f59edd8cbde040c61ae528f8 (diff)
downloadcpython-git-16dfca4d829e45f36e71bf43f83226659ce49315.tar.gz
bpo-34087: Fix buffer overflow in int(s) and similar functions (GH-8274)
`_PyUnicode_TransformDecimalAndSpaceToASCII()` missed trailing NUL char. It caused buffer overflow in `_Py_string_to_number_with_underscores()`. This bug is introduced in 9b6c60cb.
Diffstat (limited to 'Python/pystrtod.c')
-rw-r--r--Python/pystrtod.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/Python/pystrtod.c b/Python/pystrtod.c
index 3546d44c84..461e8dcb5e 100644
--- a/Python/pystrtod.c
+++ b/Python/pystrtod.c
@@ -391,6 +391,8 @@ _Py_string_to_number_with_underscores(
char *dup, *end;
PyObject *result;
+ assert(s[orig_len] == '\0');
+
if (strchr(s, '_') == NULL) {
return innerfunc(s, orig_len, arg);
}