[issue3322] bugs in scanstring_str() and scanstring_unicode() of _json module
STINNER Victor
report at bugs.python.org
Wed Jul 9 00:58:10 CEST 2008
New submission from STINNER Victor <haypo at users.sourceforge.net>:
scanstring_str() and scanstring_unicode() functions don't end value
whereas it can be outside input string range. A check like this is
needed:
if (end < 0 || len <= end) {
PyErr_SetString(PyExc_ValueError, "xxx");
return NULL;
}
next is set to begin but few lines later (before first use of next),
it's set to end: for (next = end; ...).
In error message, eg. "Invalid control character at (...)", begin is
used as character position but I think that the right position is in
the variable "end" (or maybe "next"?).
I'm unable to fix these functions because I don't understand the code.
----------
components: Library (Lib)
messages: 69447
nosy: haypo
severity: normal
status: open
title: bugs in scanstring_str() and scanstring_unicode() of _json module
type: crash
versions: Python 2.6
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue3322>
_______________________________________
More information about the Python-bugs-list
mailing list