From 16dfca4d829e45f36e71bf43f83226659ce49315 Mon Sep 17 00:00:00 2001
From: INADA Naoki <methane@users.noreply.github.com>
Date: Sat, 14 Jul 2018 12:06:43 +0900
Subject: bpo-34087: Fix buffer overflow in int(s) and similar functions
 (GH-8274)

`_PyUnicode_TransformDecimalAndSpaceToASCII()` missed trailing NUL char.
It caused buffer overflow in `_Py_string_to_number_with_underscores()`.

This bug is introduced in 9b6c60cb.
---
 Python/pystrtod.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Python/pystrtod.c')

diff --git a/Python/pystrtod.c b/Python/pystrtod.c
index 3546d44c84..461e8dcb5e 100644
--- a/Python/pystrtod.c
+++ b/Python/pystrtod.c
@@ -391,6 +391,8 @@ _Py_string_to_number_with_underscores(
     char *dup, *end;
     PyObject *result;
 
+    assert(s[orig_len] == '\0');
+
     if (strchr(s, '_') == NULL) {
         return innerfunc(s, orig_len, arg);
     }
-- 
cgit v1.2.1