[Python-checkins] cpython (2.7): Issue #16411: Fix a bug where zlib.decompressobj().flush() might try to access
nadeem.vawda
python-checkins at python.org
Sun Nov 11 03:20:24 CET 2012
http://hg.python.org/cpython/rev/c3828831861c
changeset: 80353:c3828831861c
branch: 2.7
parent: 80349:94256d7804b8
user: Nadeem Vawda <nadeem.vawda at gmail.com>
date: Sun Nov 11 03:14:56 2012 +0100
summary:
Issue #16411: Fix a bug where zlib.decompressobj().flush() might try to access previously-freed memory.
Patch by Serhiy Storchaka.
files:
Lib/test/test_zlib.py | 12 ++++++++++++
Misc/NEWS | 3 +++
Modules/zlibmodule.c | 2 ++
3 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/Lib/test/test_zlib.py b/Lib/test/test_zlib.py
--- a/Lib/test/test_zlib.py
+++ b/Lib/test/test_zlib.py
@@ -396,6 +396,18 @@
y += dco.flush()
self.assertEqual(y, 'foo')
+ def test_flush_with_freed_input(self):
+ # Issue #16411: decompressor accesses input to last decompress() call
+ # in flush(), even if this object has been freed in the meanwhile.
+ input1 = 'abcdefghijklmnopqrstuvwxyz'
+ input2 = 'QWERTYUIOPASDFGHJKLZXCVBNM'
+ data = zlib.compress(input1)
+ dco = zlib.decompressobj()
+ dco.decompress(data, 1)
+ del data
+ data = zlib.compress(input2)
+ self.assertEqual(dco.flush(), input1[1:])
+
if hasattr(zlib.compressobj(), "copy"):
def test_compresscopy(self):
# Test copying a compression object
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -140,6 +140,9 @@
Library
-------
+- Issue #16411: Fix a bug where zlib.decompressobj().flush() might try to access
+ previously-freed memory. Patch by Serhiy Storchaka.
+
- Issue #16350: zlib.decompressobj().decompress() now accumulates data from
successive calls after EOF in unused_data, instead of only saving the argument
to the last call. decompressobj().flush() now correctly sets unused_data and
diff --git a/Modules/zlibmodule.c b/Modules/zlibmodule.c
--- a/Modules/zlibmodule.c
+++ b/Modules/zlibmodule.c
@@ -830,6 +830,8 @@
ENTER_ZLIB
start_total_out = self->zst.total_out;
+ self->zst.avail_in = PyBytes_GET_SIZE(self->unconsumed_tail);
+ self->zst.next_in = (Byte *)PyBytes_AS_STRING(self->unconsumed_tail);
self->zst.avail_out = length;
self->zst.next_out = (Byte *)PyString_AS_STRING(retval);
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list