[Python-checkins] cpython (2.7): fix possible integer overflow in binascii.b2a_qp (closes #27760)
benjamin.peterson
python-checkins at python.org
Sat Aug 13 21:37:32 EDT 2016
https://hg.python.org/cpython/rev/af42635b5ed1
changeset: 102645:af42635b5ed1
branch: 2.7
parent: 102641:1ab60d0686df
user: Benjamin Peterson <benjamin at python.org>
date: Sat Aug 13 18:33:33 2016 -0700
summary:
fix possible integer overflow in binascii.b2a_qp (closes #27760)
Reported by Thomas E. Hybel
files:
Misc/NEWS | 2 ++
Modules/binascii.c | 25 ++++++++++++++++---------
2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -29,6 +29,8 @@
Library
-------
+- Issue #27760: Fix possible integer overflow in binascii.b2a_qp.
+
- In the curses module, raise an error if window.getstr() is passed a negative
value.
diff --git a/Modules/binascii.c b/Modules/binascii.c
--- a/Modules/binascii.c
+++ b/Modules/binascii.c
@@ -1316,6 +1316,7 @@
/* First, scan to see how many characters need to be encoded */
in = 0;
while (in < datalen) {
+ Py_ssize_t delta = 0;
if ((data[in] > 126) ||
(data[in] == '=') ||
(header && data[in] == '_') ||
@@ -1331,12 +1332,12 @@
if ((linelen + 3) >= MAXLINESIZE) {
linelen = 0;
if (crlf)
- odatalen += 3;
+ delta += 3;
else
- odatalen += 2;
+ delta += 2;
}
linelen += 3;
- odatalen += 3;
+ delta += 3;
in++;
}
else {
@@ -1348,11 +1349,11 @@
linelen = 0;
/* Protect against whitespace on end of line */
if (in && ((data[in-1] == ' ') || (data[in-1] == '\t')))
- odatalen += 2;
+ delta += 2;
if (crlf)
- odatalen += 2;
+ delta += 2;
else
- odatalen += 1;
+ delta += 1;
if (data[in] == '\r')
in += 2;
else
@@ -1364,15 +1365,21 @@
(linelen + 1) >= MAXLINESIZE) {
linelen = 0;
if (crlf)
- odatalen += 3;
+ delta += 3;
else
- odatalen += 2;
+ delta += 2;
}
linelen++;
- odatalen++;
+ delta++;
in++;
}
}
+ if (PY_SSIZE_T_MAX - delta < odatalen) {
+ PyBuffer_Release(&pdata);
+ PyErr_NoMemory();
+ return NULL;
+ }
+ odatalen += delta;
}
/* We allocate the output same size as input, this is overkill.
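Review bot: The new guard `if (PY_SSIZE_T_MAX - delta < odatalen)` at the end of the scan loop has no comment saying what it protects or why the subtraction is safe. The trailing context comment suggests odatalen sizes the output allocation, so a wrapped total would presumably give the encoding pass an undersized buffer; that is worth stating in the code. I would add above the check something like `/* delta is small and non-negative per input byte, so the subtraction cannot underflow; fail before odatalen wraps and the output buffer is sized too small */`. In the visible branches delta reaches at most 6 per iteration, but the hunks cut through the loop body and the function starts and ends outside them, so confirm that bound against the full source. The changeset lists only Misc/NEWS and Modules/binascii.c, so no regression test covers the new MemoryError path.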
--
Repository URL: https://hg.python.org/cpython