[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

STINNER Victor report at bugs.python.org
Thu Apr 26 13:36:26 CEST 2012


STINNER Victor <victor.stinner at gmail.com> added the comment:

I ran tests of utf16_error_handling-3.2_4.patch on Python 3.1. Two tests are failing:
 - b'\x00\xd8'.decode('utf-16le', 'replace')='\ufffd\ufffd' != '\ufffd'
 - b'\xd8\x00'.decode('utf-16be', 'replace')='\ufffd\ufffd' != '\ufffd'

I don't think that the test is correct: UTF-16 should resynchronize as early as possible (ignore the first invalid byte and restart at the following byte), so '\ufffd\ufffd' is the correct answer.

Other examples:
 - b'\xd8\x00\x41'.decode('utf-16be', 'replace') should return '�A' ('\ufffdA')
 - with UTF-8 decoder: (b'\xC3' + '\xe9'.encode('utf-8')).decode('utf-8', 'replace') returns '\ufffd\xe9'

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14579>
_______________________________________
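
The resynchronization rule discussed in the comment above, as an added example that is not taken from the patch or from CPython's decoder: after an error the decoder emits U+FFFD and advances `skip` bytes before retrying. The name `decode_utf16_resync` and the `skip` parameter are hypothetical.

```python
# Added illustration: decode_utf16_resync and `skip` are hypothetical names,
# not CPython internals. Sample inputs are the byte strings from the comment.
REPLACEMENT = "\ufffd"

def decode_utf16_resync(data: bytes, byteorder: str, skip: int = 1) -> str:
    """Decode UTF-16 with 'replace' semantics.

    After an error, emit U+FFFD and advance `skip` bytes before retrying:
    skip=1 restarts at the very next byte, skip=2 drops the whole code unit.
    """
    out = []
    i, n = 0, len(data)
    while i < n:
        if n - i < 2:                       # truncated code unit at end of input
            out.append(REPLACEMENT)
            i += skip
            continue
        unit = int.from_bytes(data[i:i + 2], byteorder)
        if 0xD800 <= unit <= 0xDBFF:        # high surrogate: needs a low one
            if n - i >= 4:
                low = int.from_bytes(data[i + 2:i + 4], byteorder)
                if 0xDC00 <= low <= 0xDFFF:
                    cp = 0x10000 + ((unit - 0xD800) << 10) + (low - 0xDC00)
                    out.append(chr(cp))
                    i += 4
                    continue
            out.append(REPLACEMENT)         # unpaired or truncated pair
            i += skip
        elif 0xDC00 <= unit <= 0xDFFF:      # low surrogate with no lead
            out.append(REPLACEMENT)
            i += skip
        else:
            out.append(chr(unit))           # ordinary BMP code unit
            i += 2
    return "".join(out)

if __name__ == "__main__":
    for raw, order in [(b"\x00\xd8", "little"), (b"\xd8\x00", "big"),
                       (b"\xd8\x00\x41", "big")]:
        print(raw, order,
              ascii(decode_utf16_resync(raw, order, skip=1)),
              ascii(decode_utf16_resync(raw, order, skip=2)))
```

With `skip=1` the three inputs from the comment give the values it argues for; with `skip=2` the first two give the single U+FFFD that the failing tests expect.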

