diff options
| author | INADA Naoki <methane@users.noreply.github.com> | 2018-07-14 12:06:43 +0900 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-07-14 12:06:43 +0900 | 
| commit | 16dfca4d829e45f36e71bf43f83226659ce49315 (patch) | |
| tree | f06c2f627ae2b4984d1c56ae97248b6eb5c51c38 /Python | |
| parent | cafaf0447b950fd4f59edd8cbde040c61ae528f8 (diff) | |
| download | cpython-git-16dfca4d829e45f36e71bf43f83226659ce49315.tar.gz | |
bpo-34087: Fix buffer overflow in int(s) and similar functions (GH-8274)
`_PyUnicode_TransformDecimalAndSpaceToASCII()` missed trailing NUL char.
It caused buffer overflow in `_Py_string_to_number_with_underscores()`.
This bug is introduced in 9b6c60cb.
Diffstat (limited to 'Python')
| -rw-r--r-- | Python/pystrtod.c | 2 | 
1 files changed, 2 insertions, 0 deletions
| diff --git a/Python/pystrtod.c b/Python/pystrtod.c index 3546d44c84..461e8dcb5e 100644 --- a/Python/pystrtod.c +++ b/Python/pystrtod.c @@ -391,6 +391,8 @@ _Py_string_to_number_with_underscores(      char *dup, *end;      PyObject *result; +    assert(s[orig_len] == '\0'); +      if (strchr(s, '_') == NULL) {          return innerfunc(s, orig_len, arg);      } | 
